Nytro Posted April 20, 2013 Report Share Posted April 20, 2013 [h=1]Shellcode analysis on Linux x86 32bit[/h]Andrea Sindoni April 16, 2013Most of the programs that we use every day contain bugs; a bug is a malfunction in a program, which can make the program take unwanted actions or errors. These bugs or vulnerabilities can be exploited by writing a code that is usually called an exploit. The most common types of vulnerabilities are those that concern the corruption of memory as buffer overflows, the heap overflows, race conditions, format string attacks, etc… In this article, we won’t learn to write an exploit, we will not even see how to search for a vulnerability in a software, but we will see how to write and analyze shellcode and the relationship with the above. The shellcode is generally regarded as a program that starts a shell, and is used as the payload of the exploit. In reality, one shellcode can do everything that makes a normal program. The shellcode is executed after the vulnerability has been exploited. In this article, we will analyze and write shellcode for Linux x86 32-bit architectures.I pointed out the type of architecture, that is because shellcode is usually written in assembly language, and each processor family has its own set of instructions. In addition, each operating system has its own system calls to make service requests to the kernel. To make a system call using the int 0×80 instruction, the kernel then checks the value of the EAX register to take the number of the system call. Each system call is identified by a unique number that the kernel recognizes.We look at the system call in Linux, they are located (in Ubuntu) in the following file: – /usr/src/linux-headers-3.0.0-25/arch/x86/include/asm/unistd_32.h It’s time to start!Let’s write our first shellcode – I have chosen to write a fairly simple, so as to better understand the steps necessary to analyze and optimize it. What we need is to write shellcode that should display the command “cat” the contents of the file /etc/passwd file (this file contains some information about the system account).Link: InfoSec Institute Resources – Shellcode analysis on Linux x86 32bit Quote Link to comment Share on other sites More sharing options...
