SLAE64: Assignment 2 – Reverse TCP Shell

This is the second assignment for the SecurityTube Linux Assembly Expert certification, it consists in the creation of a password protected reverse shell.

A reverse shell is similar to a bind shell but instead of waiting passively for remote connections, it actively connects to a specified IP address and redirects STDIN, STDOUT and STDERR to that socket.

Again, I’ve written a very small C program to test if I’ve fully grasped the concept, such program is below. In this case the program starts a new connection to itself on 127.0.0.1 on port 8967.

As this was tested and validated to be working properly, the job of translating it to Assembly began.

The result below is not a line by line translation as that would be nonsense, one should take the time to optimize whenever some refactoring is required.

Since I was using 127.0.0.1 as the remote IP for the connection, and the address includes NULL characters, I’ve had to use a trick that I’ve learned in SLAE videos, XOR the desired value with some character (0xAA in this case) and XOR back with it once it is loaded in some register.

All code is available from my Github repo.


This blog post has been created for completing the requirements of the SecurityTube Linux Assembly Expert Certification.

Student ID: SLAE64-1440

Leave a Reply

Your email address will not be published. Required fields are marked *