A shell is a small program that takes input from the user and sends it back to operating system and vice versa. In this writeup I will show you how we can create a custom tcp bind shell shellcode.
So how does TCP Bind exploit shell work ?
In a TCP Bind Shell Exploit Shellcode, the exploit listens for an incoming connection and when the attacker connect to the port on which the exploit runs , it will open up a shell and transfer the control to the attacker. So the attacker now has a shell access to the victims machine and can run any commands.
So there are few points I need to make clear while I write this post
1. The code that I have written went through lot of debugging and modification and I am still modifying ( to minimize , to remove bad characters like PUSH 0x0 can introduce bad characters so I replaced them with something that had the value NULL and then pushed them to on stack like PUSH ECX )
2. Some code which I have written might look absurd (for example mov eax,edx followed by mov edx,eax). I just wrote them to remember few things like ( X will always hold Y data before the operation ) and I am optimizing them still to remove them. As I will keep updating my code , I will continue to remove them because none likes crappy code !)
3. I will try to keep the documentation and the details in the code itself , so that I can constantly modify them from the github instead of modifying them twice , i.e here and in the github again.
First we will code the bind shell with C and later use the same concept using Assembly.
At any point of time we can use man command to look into the API implementation e.g man socket
Replicating the same TCP Bind Shell in NASM
Testing our shellcode. Here I wrote the code in such a way that the port number is reconfigurable to any port instead of the default 9000
This blog post has been created for completing the requirements of SecurityTube Linux Assembly Expert Certification:
http://www.securitytube-training.com/online-courses/securitytube-linux-assembly-expert/
Student ID: PA-1191
So how does TCP Bind exploit shell work ?
In a TCP Bind Shell Exploit Shellcode, the exploit listens for an incoming connection and when the attacker connect to the port on which the exploit runs , it will open up a shell and transfer the control to the attacker. So the attacker now has a shell access to the victims machine and can run any commands.
So there are few points I need to make clear while I write this post
1. The code that I have written went through lot of debugging and modification and I am still modifying ( to minimize , to remove bad characters like PUSH 0x0 can introduce bad characters so I replaced them with something that had the value NULL and then pushed them to on stack like PUSH ECX )
2. Some code which I have written might look absurd (for example mov eax,edx followed by mov edx,eax). I just wrote them to remember few things like ( X will always hold Y data before the operation ) and I am optimizing them still to remove them. As I will keep updating my code , I will continue to remove them because none likes crappy code !)
3. I will try to keep the documentation and the details in the code itself , so that I can constantly modify them from the github instead of modifying them twice , i.e here and in the github again.
First we will code the bind shell with C and later use the same concept using Assembly.
At any point of time we can use man command to look into the API implementation e.g man socket
Replicating the same TCP Bind Shell in NASM
Testing our shellcode. Here I wrote the code in such a way that the port number is reconfigurable to any port instead of the default 9000
This blog post has been created for completing the requirements of SecurityTube Linux Assembly Expert Certification:
http://www.securitytube-training.com/online-courses/securitytube-linux-assembly-expert/
Student ID: PA-1191