Anurag's Blog

Before we start , I would like to bring your attention to this SLAE course from securitytube which will help you learn Shellcoding -  http://www.securitytube-training.com/online-courses/securitytube-linux-assembly-expert/ We all use metasploit in our daily pentest engagements so let's break-up some of the shellcode comes with metasploit. Analysis :  1. linux/x86/chmod  2. linux/x86/exec  3. linux/x86/read_file 1. linux/x86/chmod -   msfvenom -p linux/x86/chmod -f raw | ndisasm -u - msfvenom -p linux/x86/chmod -f c msfvenom -p linux/x86/chmod -f raw | sctest -vvv -Ss 100000 -G chmod.dot dot chmod.dot -Tpng -o chmod.png  2. linux/x86/exec -   msfvenom -p linux/x86/exec CMD=ls FILE=tmp.bin -f raw | ndisasm -u - msfvenom -p linux/x86/exec CMD=ls -f c msfvenom -p linux/x86/exec CMD=ls FILE=tmp.bin -f raw | /opt/libemu/bin/sctest -vvv -Ss 100000 -G exec.dot dot exec.dot -Tpng -o exec.png 3. linux/x86/read_file - ...

Before we start , I would like to bring your attention to this SLAE course from securitytube which will help you learn Shellcoding -  http://www.securitytube-training.com/online-courses/securitytube-linux-assembly-expert/ AGENDA  :   1. Introduction to Insertion Encoder 2. Create a custom encoding scheme similar to the “Insertion Encoder”  3. P roof of concept using the execve-stack as the shellcode to encode  1.  Introduction to Encoding: Encoding  is the process of converting data from one form to another. Insertion encoding  is used to obfuscate shellcode instructions by adding some extra instructions .This reduces the detection of shellcode. 2.  Create a custom encoding scheme similar to the “Insertion Encoder”  : I have written a python encoder which takes every byte of shellcode and do a XOR operation . After the XOR encoding we keep on inserting random bytes in between shellcode.  3. Proof of Concept using exec...