Password Protected TCP Bind Shell | Linux x86_64

Introduction

In this post we will create a custom TCP bind shell for the Linux x86_64 architecture that requires a password to spawn a shell. We won't go into too much detail on how each function works, as this has already been discussed in my previous Creating Custom TCP Reverse Shell | Linux x86 post.

Shellcode

If you’re not familiar with x86_64 assembly, it's pretty much the same as x86 from a shellcoding standpoint. The following are the key add-ons (I should say) that you get when using x86_64 assembly as opposed to x86:

I used the read() function to check for input via stdin and then compare it to a predefined password (in this case I used “pwnd”). If the check fails, the shellcode jumps to the “_nop” section, which effectively causes the bind shell to crash. Please refer to the link in the introduction section for a more in-depth analysis of the functions used by the bind shell. The following is the final null-free shellcode.

Now comes the fun part: let’s test out the shellcode.

Closing Thoughts

I feel passwords are essential when it comes to bind shells and hope this post will benefit folks looking to create one. All of the above code is available on my GitHub. Feel free to contact me with questions using the comment section below or just tweet me @ihack4falafel. This post is one of many to come, so stay tuned!

This blog post has been created for completing the requirements of the SecurityTube Linux Assembly Expert certification:

http://www.securitytube-training.com/online-courses/x8664-assembly-and-shellcoding-on-linux/index.html

Student ID: SLAE64 – 1579
