For assignment 6 of the SecurityTube Linux Assembly Expert certification the idea is to create polymorphic versions of existing shellcodes, specifically taken from shell-storm.org.
A polymorphic version of a shellcode implements the same functionality with different instructions and registers, interleaved with nop instructions to break the byte pattern and evade signature detection.
For this assignment I chose the following shellcodes to work with:
- Linux/x86-64 – Read /etc/passwd – 82 bytes
- Linux/x86-64 – Add map in /etc/hosts file – 110 bytes
- Linux/x86-64 – setuid(0) + execve(/bin/sh) – 49 bytes
Continue reading SLAE64: Assignment 6 – Polymorphic shellcodes
This is the last payload that I’ve debugged so far for the 5th assignment on SecurityTube Linux Assembly Expert certification.
This time I opted to look at the linux/x64/exec payload, configured to run ‘/bin/sh’.
Continue reading SLAE64: Assignment 5 – Metasploit payloads analysis #3
The second payload that I decided to analyze for the 5th assignment of the SecurityTube Linux Assembly Expert certification was linux/x64/shell/bind_tcp.
Continue reading SLAE64: Assignment 5 – Metasploit payloads analysis #2
For the 5th assignment of the SecurityTube Linux Assembly Expert certification, I needed to analyze some Metasploit payloads for Linux x64.
I started by looking at the linux/x64/shell_reverse_tcp.
Continue reading SLAE64: Assignment 5 – Metasploit payloads analysis #1
This is assignment #4 for the SecurityTube Linux Assembly Expert certification. It consists of implementing a custom encoder.
Encoding is a common strategy for obfuscating a shellcode payload so as to avoid signature and pattern detection.
Continue reading SLAE64: Assignment 4 – Custom Encoder
This is the third assignment for the SecurityTube Linux Assembly Expert certification. It consists of demonstrating my own implementation of an Egg Hunter that works with different payloads.
An Egg Hunter is a piece of code that searches memory for a specific pattern, called the ‘egg’, in order to find its address; the egg is usually placed immediately before another injected payload containing the actual shellcode.
Continue reading SLAE64: Assignment 3 – Egg Hunter
This is the second assignment for the SecurityTube Linux Assembly Expert certification. It consists of creating a password-protected reverse shell.
A reverse shell is similar to a bind shell but instead of waiting passively for remote connections, it actively connects to a specified IP address and redirects STDIN, STDOUT and STDERR to that socket.
Continue reading SLAE64: Assignment 2 – Reverse TCP Shell
I’ve been taking the SecurityTube Linux Assembly Expert certification. This is the first assignment: the creation, in assembly, of a password-protected bind shell.
A bind shell is essentially an open port on a machine that has STDIN, STDOUT and STDERR redirected to an inbound socket. It gets the name from the bind() system call which is a necessary step for listening on a port.
Continue reading SLAE64: Assignment 1 – Bind TCP Shell with password
Just found that I need to be really careful when refactoring code that requires me to remove views from my project. I spent about 15 minutes trying to understand what the hell was going on, I was just receiving the following error:
2011-12-03 15:04:52.341 UIScroll1[80115:f803] *** Terminating app due
to uncaught exception 'NSUnknownKeyException', reason:
'[<UIScroll1ViewController 0x6d70990> setValue:forUndefinedKey:]:
this class is not key value coding-compliant for the key customView.'
I tried completely deleting my project from the device and simulator and running it again, and still got the same error. It turns out that I had removed all code references to customView but completely forgot about removing the outlets in the xib (yeah, still not a fan of storyboards).
So I guess I won’t be CTRL-dragging to hook up outlets anymore; it’s actually better to CTRL-click on the element or use the Connections editor, because that way I can easily see warnings near broken or invalid connections.
I recently had the need to run some older Lisp code on OSX 10.5.8 which used CLSQL. Unfortunately, this was enough to cost me a couple of lost hours trying to compile and load the CLSQL helper libraries.
Continue reading Fixing CLSQL on OSX 10.5.8