In this blog post, we will analyze shellcodes created from msfvenom. We will focus on Linux – x86 as the target OS and architecture.Let’s begin by listing all the available shellcodes for Linux x86 architecture. Shellcodes to be analyzed: # Name Description 1 Linux/x86/exec Execute an arbitrary command 2 linux/x86/adduser Create a new user with…
Custom encoder
In this blog post we will meet what we call a malware’s best friend – Obfuscation. We will create a custom encoder which will obfuscate our actual payload and de-obfuscate it only during runtime. Obfuscation (in the context of software) is a technique that makes binary and textual data unreadable and/or hard to understand. –…
Egghunters
To define in a single line, egg hunting is the process of searching a process’s Address Space in a reliable manner for a given key (egg). Egg-hunt (Wikipedia) This is another form of staged shellcode, which is used if an attacker can inject a larger shellcode into the process but cannot determine where in the process it…
Writing a Reverse Shell in x86 Assembly Language
A reverse shell is a connection established from the victim’s system to the attacker controlled system over a specific port. The major difference between a bind shell and a reverse shell lies in the flow of connection. In this blog post, we will create a reverse shell leveraging the ASM code from the previous post….
Writing a Bind Shell in x86 Assembly Language
A bind shell can be simply defined as a connection established from the attacker’s machine to the victim’s machine which presents the attacker with a comamnd line shell access of the victim’s machine.In this blog post, we will go through the process of the components involved in a bind shell and create our own. In…