Kwelwild

Hack Of The Day: How Do I Run Untrusted Shellcode?

Description: A lot of times we download shellcode from sites like Shell-Storm.org and http://exploit-db.com but have no clue what it does. We believe what the shellcode description says and we are happy to run it. Would you trust a hacker? :) In this video, we look at the first step on how to systematically run and analyze shellcode.

In the course of this video, we will discover that the shellcode in question uses a JMP-CALL-POP technique and uses XOR encoding to hide the real shellcode. We then move on to find the two syscalls it makes: setreuid and execve. Upon analysis of the arguments of the syscalls, we figure out that the shellcode, after decoding itself, runs "/bin/ksh".

Link to Shellcode: Linux/x86 - setreuid (0,0) & execve(/bin/ksh, [/bin/ksh, NULL]) + XOR encoded - 53 bytes
Shellcode Author: https://twitter.com/@egeektronic

Source: Hack Of The Day: How Do I Run Untrusted Shellcode?
  • Upvote 1
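
A static first pass over an XOR-encoded blob of the kind the description mentions, recovering the hidden strings without executing anything. This is an added example, not code from the post or the video; the sample bytes, the key, the marker list and the single-byte-key assumption are all constructed for illustration.

```python
import re

# Constructed sample, NOT the shellcode linked in the post: four filler bytes
# standing in for an unencoded decoder stub, followed by a path string XORed
# with a made-up single-byte key.
ASSUMED_KEY = 0x5A
SAMPLE = b"\xd0\xd1\xd2\xd3" + bytes(b ^ ASSUMED_KEY for b in b"/bin/ksh\x00")

# Byte patterns an analyst might expect inside a decoded Linux payload
# (assumed list; extend it for the sample at hand).
MARKERS = (b"/bin/", b"/etc/", b"/tmp/")


def xor_decode(blob: bytes, key: int) -> bytes:
    """XOR every byte of blob with a single-byte key."""
    return bytes(b ^ key for b in blob)


def printable_strings(data: bytes, min_len: int = 4) -> list:
    """Return runs of printable ASCII at least min_len bytes long."""
    return re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)


def find_single_byte_keys(blob: bytes, markers=MARKERS) -> list:
    """Try every non-zero single-byte key and keep those whose output
    contains a marker. Returns (key, strings) pairs. Nothing is executed:
    the blob is only ever treated as data."""
    hits = []
    for key in range(1, 256):
        decoded = xor_decode(blob, key)
        if any(m in decoded for m in markers):
            hits.append((key, printable_strings(decoded)))
    return hits


if __name__ == "__main__":
    for key, strings in find_single_byte_keys(SAMPLE):
        print(f"key=0x{key:02x} strings={strings}")
```

A hit here only tells you what the payload is likely to reference; the syscall arguments still need to be confirmed in a debugger or emulator inside an isolated VM.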
