As part of the SecurityTube Linux Assembly Expert (SLAE) course, I explain my solution to the first assignment, “Create a Shell Bind TCP shellcode”.
I think this course is a great opportunity to understand how to create and analyse shellcode and, most importantly, to "think outside the box".
PoC Bind TCP Shell Program:
Before coding our shellcode in assembly language, it is a good idea to code a PoC program with the same functionality as our shellcode. This helps us understand, at a high level, how to code our shellcode.
In the code I put comments to identify all the system calls the program uses to bind a TCP port, but how can I verify that? A simple way is to use the strace tool on our Linux box:
As you can see, there are six important system calls in our program:
For more information about these system calls, see the man pages on your Linux box.
Generating our Bind TCP Shellcode:
At this point we have identified the system calls and the flow of the program:
1. Create a socket (socket call)
2. Prepare the socket to listen for a connection on a given port (bind call)
3. Listen for a connection (listen call)
4. Accept the connection (accept call)
5. Spawn the shell (dup2, execve calls)
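As an added defender-side example (not code from the original post), the following Python walks a constructed strace log and checks whether it contains the socket -> bind -> listen -> accept -> dup2 -> execve chain listed above, following the file descriptors each call returns; the sample trace, the regex and the function names are my assumptions.

```python
import re

# Constructed sample strace output (not a capture from the post's own program),
# written to match the six-call sequence the post describes.
SAMPLE_STRACE = """\
execve("./poc", ["./poc"], [/* 20 vars */]) = 0
socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 3
bind(3, {sa_family=AF_INET, sin_port=htons(4444), sin_addr=inet_addr("0.0.0.0")}, 16) = 0
listen(3, 1)                            = 0
accept(3, {sa_family=AF_INET, sin_port=htons(51234), sin_addr=inet_addr("127.0.0.1")}, [16]) = 4
dup2(4, 0)                              = 0
dup2(4, 1)                              = 1
dup2(4, 2)                              = 2
execve("/bin/sh", ["/bin/sh"], NULL)    = 0
"""

LINE_RE = re.compile(r"^(\w+)\((.*)\)\s*=\s*(-?\d+)")  # one strace line: name(args) = retval

def parse_strace(text):
    calls = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            calls.append((m.group(1), m.group(2), int(m.group(3))))
    return calls

def find_bind_shell(calls):
    """Report the first socket->bind->listen->accept->dup2(0,1,2)->execve chain, following
    the descriptors the calls return; returns a dict with port and program, or None."""
    listen_fd = client_fd = port = None
    listened, dup_targets = False, set()
    for name, args, ret in calls:
        if name == "socket" and "SOCK_STREAM" in args and ret >= 0:
            listen_fd, client_fd, port, listened, dup_targets = ret, None, None, False, set()
        elif listen_fd is None:
            continue                                          # nothing to track yet
        elif name == "bind" and args.startswith(f"{listen_fd},"):
            m = re.search(r"htons\((\d+)\)", args)
            port = int(m.group(1)) if m else None
        elif name == "listen" and args.startswith(f"{listen_fd},"):
            listened = port is not None
        elif name == "accept" and listened and args.startswith(f"{listen_fd},") and ret >= 0:
            client_fd = ret                                   # connected peer's fd
        elif name == "dup2" and client_fd is not None and args.startswith(f"{client_fd},"):
            dup_targets.add(int(args.split(",")[1]))          # stdin/stdout/stderr redirected
        elif name == "execve" and dup_targets >= {0, 1, 2}:
            program = args.split(",")[0].strip().strip('"')
            return {"port": port, "listen_fd": listen_fd, "client_fd": client_fd, "program": program}
    return None
```

A plain server that accepts connections but never redirects its standard descriptors into the peer socket before execve does not match, which is what separates this chain from ordinary network code.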
One interesting tool that I did not know about until now is libemu. Libemu is a small library written in C offering basic x86 emulation and shellcode detection using GetPC heuristics. It is designed to be used within network intrusion detection/prevention systems and honeypots. Using the functionality of libemu we can emulate our shellcode and, among other things, get a visual perspective of it.
This blog post has been created for completing the requirements of the SecurityTube Linux Assembly Expert certification:
Student ID: SLAE-437