
Polymorphic Shellcode | Linux x86

Introduction

Polymorphism is a technique used to mutate code in a way that keeps its original function intact. For example, 1+1 and 4-2 both produce the same result while using different values and operations. Polymorphic shellcode can aid in efforts to evade anti-virus and IDS/IPS, since signatures written against one specific byte sequence no longer match. This post will look at a couple of shellcodes and how to produce polymorphic versions of them.

Shellcode I

The first shellcode we’re going to work with is execve(), which spawns a shell for us.

Mutate code and use the comments section to explain the process

Compile and test

Shellcode II

The second shellcode we’re going to mangle is exit(); this one calls the exit function with a status code of 1.

Mutate code and use the comments section to explain the process

Compile and test

Shellcode III

The third and last shellcode we’re going to deal with is fork(); this one enters a fork loop until the system crashes.

Mutate code and use the comments section to explain the process

Compile it

Note: Obviously we’re not going to test this one unless we want to crash the system

Closing Thoughts

I chose very simple shellcode examples so we can focus on the concept of polymorphism; I hope you learned something from this post. Feel free to contact me with questions using the comment section below or just tweet me @ihack4falafel.

This blog post has been created for completing the requirements of the SecurityTube Linux Assembly Expert certification:

http://www.securitytube-training.com/online-courses/securitytube-linux-assembly-expert/

Student ID: SLAE-1115

Github Repo: https://github.com/ihack4falafel/SLAE32/tree/master/Assignment%206
