Student-ID: PA-15847<\/strong><\/p>\n\n\n\n The Objectives for the Assignment:<\/p>\n\n\n\n An Egg Hunter is the first stage of a multistage payload. It consists of a piece of code that scans memory<\/strong> for a specific pattern and moves execution to that location.<\/p>\n\n\n\n So let’s explain the assembly code step by step:<\/p>\n\n\n\n In the beginning, we’ll clear the registers<\/p>\n\n\n\n We’ll set page size alignment in the next function<\/p>\n\n\n\n Incremet function is simply serving the purpose of incrementing rdx register<\/p>\n\n\n\n Now the magic happens in the following function to hunt the egg<\/p>\n\n\n\n I gave the descriptions for the code below<\/p>\n\n\n\n We’ll use the following C code to execute the egghunter and shellcode:<\/p>\n\n\n\n Compile the C code and run to get the reverse shell<\/p>\n\n\n\n For the full code, you can refer to my Github repository<\/p>\n\n\n\n https:\/\/github.com\/areyou1or0\/SLAE64\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":" This blog post has been created for completing the requirements of the SecurityTube Linux Assembly Expert (SLAE64) certification: https:\/\/www.pentesteracademy.com\/course?id=7 Student-ID: PA-15847 The Objectives for the Assignment: study about egg hunter shellcodecreate a working demo of the egghuntershould be configurable for different payloads An Egg Hunter is the first stage of a multistage payload. It consists of… Continue reading SLAE64: Assignment 3 – Egghunters<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[20],"tags":[],"_links":{"self":[{"href":"https:\/\/areyou1or0.it\/index.php\/wp-json\/wp\/v2\/posts\/124"}],"collection":[{"href":"https:\/\/areyou1or0.it\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/areyou1or0.it\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/areyou1or0.it\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/areyou1or0.it\/index.php\/wp-json\/wp\/v2\/comments?post=124"}],"version-history":[{"count":4,"href":"https:\/\/areyou1or0.it\/index.php\/wp-json\/wp\/v2\/posts\/124\/revisions"}],"predecessor-version":[{"id":161,"href":"https:\/\/areyou1or0.it\/index.php\/wp-json\/wp\/v2\/posts\/124\/revisions\/161"}],"wp:attachment":[{"href":"https:\/\/areyou1or0.it\/index.php\/wp-json\/wp\/v2\/media?parent=124"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/areyou1or0.it\/index.php\/wp-json\/wp\/v2\/categories?post=124"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/areyou1or0.it\/index.php\/wp-json\/wp\/v2\/tags?post=124"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}study about egg hunter shellcode
create a working demo of the egghunter
should be configurable for different payloads<\/strong><\/code><\/p>\n\n\n\n![\"\"](\"https:\/\/areyou1or0.it\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-07-at-20.09.18.png\")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/areyou1or0.it\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-07-at-20.09.40.png\")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/areyou1or0.it\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-07-at-20.09.44.png\")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/areyou1or0.it\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-07-at-20.10.19-1024x485.png\")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/areyou1or0.it\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-07-at-20.11.10-1024x324.png\")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/areyou1or0.it\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-07-at-20.11.58-1024x226.png\")
<\/figure>\n\n\n\n