Phrozen Timeline

NASM Shell++ is an enhanced version of the Metasploit Framework NASM Shell.

You can edit instructions, specify bad characters and finally export your final payload in Python, C or CPP

Read more...

Assignment Goals (SLAE-1530)

1) Create a TCP Reverse Shellcode for Linux x86-32.

2) The port number should be easily configurable.

3) The IP address should be easily configurable.

3) Bonus if getting referenced in exploit-db or shell-storm.

TCP Reverse Shell Principle

In first exercise we learnt how to create our own TCP Bindshell shellcode using few syscalls (socketcall(), dup2() and execve()).

A reverse shell is almost identical to a classic bindshell, this time instead of having a shellcode that listen for new clients, we will create a shellcode that will connect back to a remote server.

Fortunately, on Linux by default, we do not have any restrictions to manage sockets in client mode.

Read more...

Assignment Goals (SLAE-1530)

1) Create a TCP Bindshell Shellcode for Linux x86-32.

2) The port number should be easily configurable.

3) Bonus if getting referenced in exploit-db or shell-storm.

TCP Bindshell Principle

In few words, a TCP Bindshell is a tiny server program that waits for new clients on a specific port.

When a new client connects to the server it will spawn a new shell (Ex: /bin/bash or /bin/sh) and "binds" its file descriptors stdin(0) stdout(1) stderr(2) to the new client socket.

Yes, a socket is nothing more than a file.

One infamous method to easily create a bindshell is to use Netcat as following:

root@local:# mknod /tmp/backpipe p && /bin/sh 0</tmp/backpipe | nc -lvp 443 1>/tmp/backpipe

When you connect to port 443 (with any dumb client program ex: Netcat, Telnet) you will get remote control over shell instance.

user@local:$ nc 127.0.0.1 443

Read more...