Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

rwx-777/Shellcoding_LearningRepo

BranchesTags
Open more actions menu

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

22 Commits
CompileNasm.sh
CompileNasm.sh
 
 
README.md
README.md
 
 
Reverse_TCP_shell.c
Reverse_TCP_shell.c
 
 
Reverse_TCP_shell.nasm
Reverse_TCP_shell.nasm
 
 
StackOverflow-Linux.c
StackOverflow-Linux.c
 
 
TCP_bind_Shell.c
TCP_bind_Shell.c
 
 
TCP_bind_Shell.nasm
TCP_bind_Shell.nasm
 
 
buffer.c
buffer.c
 
 
execve-ls.c
execve-ls.c
 
 
execve-sh.c
execve-sh.c
 
 
execve-sh.nasm
execve-sh.nasm
 
 
execve.c
execve.c
 
 
exploit-final.py
exploit-final.py
 
 
exploit.py
exploit.py
 
 
exploit2.py
exploit2.py
 
 
exploit3.py
exploit3.py
 
 
exploit4.py
exploit4.py
 
 
hello-world-no-badchars.nasm
hello-world-no-badchars.nasm
 
 
input.txt
input.txt
 
 
jmp-call.nasm
jmp-call.nasm
 
 
makeShellcode.sh
makeShellcode.sh
 
 
pattern
pattern
 
 
peda-session-buffer.txt
peda-session-buffer.txt
 
 
peda-session-jmp-call.txt
peda-session-jmp-call.txt
 
 
peda-session-whoami.txt
peda-session-whoami.txt
 
 
shellcode-exec.c
shellcode-exec.c
 
 
shellcodeExecuter-HelloWorld.c
shellcodeExecuter-HelloWorld.c
 
 
stack-technique.nasm
stack-technique.nasm
 
 

Repository files navigation

Shellcoding_LearningRepo

You should look through my Assembly LearningRepo first before learning Shellcoding.

Bad character

We need to remove all bad chars from our shellcode in order for it to work

  • 00: This is the zero value or null terminator(\0)
  • 0A: This is the line feed(\n)
  • FF: This is the form feed(\f)
  • 0D: This is the carriage return(\r)

Relative address technique

we shall use "lea , [rel ]" where the rel instruction will compute the address of the source relative to the RIP register.

Jmp-call technique

We first jmp to the string we want to move to a register, after that we call the actual code using "call" this will push the strings address to the stack. Then we pop the address (not the String itself) into that register. voila!

Stack technique

We Reverse String & encode it into hex then copy the hex bytes into our code so we do not have to store the string in any register.

$python

string = 'hello World'

string[::-1].encode('hex')

We need to convert port to htons using Python:

import socket

hex(socket.htons(1234))

And we need to pack the IP in a 32 bit format:

import socket

socket.inet_aton("192.168.0.1")[::-1]

About

You should look through my Assembly LearningRepo first before learning Shellcoding.

Topics

c shellcode nasm shellcode-loader nasm-assembly shellcoding shellcode-injection

Resources

Readme
Activity

Stars

6 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages
Morty Proxy This is a proxified and sanitized view of the page, visit original site.