Student-ID: PA-15847<\/strong><\/p>\n\n\n\n The Objectives for the Assignment:<\/p>\n\n\n\n So I took the code written during the course as a base and developed the remaining parts as below:<\/p>\n\n\n\n I use the following syscalls in the same order:<\/p>\n\n\n\n First we start with opening a socket with the following syntax:<\/p>\n\n\n\n Then we will make the socket connect to the server with the following syntax:<\/p>\n\n\n\n Here we’ll read the password string and compare it with the real password for a match. If the result is wrong, it will go to end (defined at the end)<\/p>\n\n\n\n Then we have dup2 again for redirecting the socket<\/p>\n\n\n\n And of course we execute \/bin\/sh with execve syscall <\/p>\n\n\n\n We define the end call here as it’s called in read syscall section before and exit the program<\/p>\n\n\n\n We get a reverse shell at the end:<\/p>\n\n\n\n <\/p>\n","protected":false},"excerpt":{"rendered":" This blog post has been created for completing the requirements of the SecurityTube Linux Assembly Expert (SLAE64) certification: https:\/\/www.pentesteracademy.com\/course?id=7 Student-ID: PA-15847 The Objectives for the Assignment: create a shell_reverse_tcp shellcode: reverse connects to configured IP and port needs a passcode if passcode is correct, then execs shell remove 0x00 from bind tcp shellcode So I took… Continue reading SLAE64: Assignment 2 \u2013 Reverse Shell<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[20],"tags":[],"_links":{"self":[{"href":"https:\/\/areyou1or0.it\/index.php\/wp-json\/wp\/v2\/posts\/110"}],"collection":[{"href":"https:\/\/areyou1or0.it\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/areyou1or0.it\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/areyou1or0.it\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/areyou1or0.it\/index.php\/wp-json\/wp\/v2\/comments?post=110"}],"version-history":[{"count":3,"href":"https:\/\/areyou1or0.it\/index.php\/wp-json\/wp\/v2\/posts\/110\/revisions"}],"predecessor-version":[{"id":160,"href":"https:\/\/areyou1or0.it\/index.php\/wp-json\/wp\/v2\/posts\/110\/revisions\/160"}],"wp:attachment":[{"href":"https:\/\/areyou1or0.it\/index.php\/wp-json\/wp\/v2\/media?parent=110"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/areyou1or0.it\/index.php\/wp-json\/wp\/v2\/categories?post=110"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/areyou1or0.it\/index.php\/wp-json\/wp\/v2\/tags?post=110"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}create a shell_reverse_tcp shellcode<\/code><\/strong>:<\/p>\n\n\n\nreverse connects to configured IP and port<\/strong><\/code><\/li>needs a passcode<\/strong><\/code><\/li>if passcode is correct, then execs shell<\/strong><\/code><\/li>remove 0x00 from bind tcp shellcode<\/strong><\/code><\/li><\/ul>\n\n\n\nsyscall socket
syscall connect
syscall read
syscall dup2
syscall execve
syscall close<\/strong><\/code><\/p>\n\n\n\nint socket(int domain<\/em>, int type<\/em>, int protocol<\/em>);<\/strong><\/code><\/p>\n\n\n\n![\"\"](\"https:\/\/areyou1or0.it\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-06-at-13.03.26.png\")
int connect(int<\/strong> sockfd, const struct<\/strong> sockaddr *addr, socklen_t<\/strong> addrlen);<\/strong><\/code><\/p>\n\n\n\n![\"\"](\"https:\/\/areyou1or0.it\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-06-at-13.03.33-1024x417.png\")
![\"\"](\"https:\/\/areyou1or0.it\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-06-at-13.03.38-1024x480.png\")
![\"\"](\"https:\/\/areyou1or0.it\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-06-at-13.03.43.png\")
![\"\"](\"https:\/\/areyou1or0.it\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-06-at-13.03.49.png\")
![\"\"](\"https:\/\/areyou1or0.it\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-06-at-13.03.53.png\")
![\"\"](\"https:\/\/areyou1or0.it\/wp-content\/uploads\/2021\/10\/assignment2-1024x835.png\")
<\/figure>\n<\/div><\/div>\n\n\n\n