Skip to content

thombles/slae

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

28 Commits

a1-bind

a1-bind

 
 

a2-reverse

a2-reverse

 
 

a3-egghunter

a3-egghunter

 
 

a4-coder

a4-coder

 
 

a5-msf

a5-msf

 
 

a6-polymorphic

a6-polymorphic

 
 

a7-crypter

a7-crypter

 
 

execve-stack-shell

execve-stack-shell

 
 

.gitignore

.gitignore

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

Repository files navigation

SLAE Assignments Source Code

This repository contains the source code and build scripts for the assignments in the SecurityTube Linux Assembly Expert (SLAE) course.

Student ID: SLAE-1294

Building assignments

Required packages are python 2, nasm, build-essential on a 32-bit Linux system. The author used a 32-bit Kali Linux VM.

In general for program.nasm, build.py will emit files like these:

  • program.elf - fully linked ELF32 binary containing this code
  • program.raw - raw bytes of the .text section of the ELF binary
  • shell_test.c - a C program that invokes the shellcode directly, simulating an EIP overwrite
  • shell_test - compiled version of the test C program

Assignment 1: TCP Bind Shell

Run the build script with the desired listening port.

./build.py 4444

Assignment 2: TCP Reverse Shell

Run the build script with the IP address and port of the remote listener. An error will be returned if either will introduce null bytes into the shellcode.

./build.py 127.1.1.1 4444

Assignment 3: Egghunter

Run the build script with the raw text of an egg script. It will output both the hunter shellcode and the egg shellcode with the appropriate header appended.

./build.py ../a1-bind/bind.raw

Assignment 4: Coder/Decoder

Some unencoded payload is required to build this, as it will be included in encoded form inside the decoder. For testing I have created a separate shellcode under /execve-stack-shell. Build it:

./build.py

This will produce a shell.raw file containing the assembled code.

Then inside /a4-coder:

./build.py ../execve-stack-shell/shell.raw

The build script will encode shell.raw and embed it in the assembled product.

Assignment 5: Analysis of MSF payloads

There is nothing to build here. The .raw files and passwd file mentioned in the analysis blog post are kept here for reference.

Assignment 6: Shellcode polymorphism

There is some miscellaneous stuff about the original shellcodes from shell-storm in the *-original folders. The *-poly folders contain my reworked version of each. No parameters are required for any of these.

  ./build.py
  • nc: Creates a bind shell by invoking /bin/nc with suitable parameters
  • shadow: Uses a chmod syscall to set /etc/shadow to 0666 permissions
  • iptables: Invokes iptables -F to clear firewall rules

Assignment 7: Crypter and decrypter

This one has two programs, crypter and decrypter. The shellcode to be encrypted must be prepared separately. For example, to use the execve-stack-shell shellcode and the password abcdef run these commands:

 ./build_crypter.sh
 cat ../execve-stack-shell/shell.raw | ./crypter abcdef | tee encrypted.h
 ./build_decrypter.sh

This will build the decrypter with the encrypted shellcode inside it, via the encrypted.h header. It can be run by passing the chosen password as a command line parameter:

 ./decrypter abcdef

About

Assignments for SecurityTube Linux Assembly Expert (SLAE) course

Resources

Readme

License

Unlicense license
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages