Offensive Shellcode from Scratch
eBook - ePub

Offensive Shellcode from Scratch

Rishalin Pillay

  1. 208 pages
  2. English
  3. ePUB (mobile friendly)
  4. Available on iOS and Android

About this book

Gain practical knowledge of shellcode and leverage it to develop shellcode for Windows and Linux operating systems, while understanding the countermeasures in place and how these can be bypassed.

Key Features
  • Get up and running with shellcode fundamentals
  • Develop shellcode for Windows and Linux
  • Understand the building blocks of shellcode

Book Description

Shellcoding is a technique that is executed by many red teams and used in penetration testing and real-world attacks. Books on shellcode can be complex, and writing shellcode is perceived as a kind of "dark art." Offensive Shellcode from Scratch will help you to build a strong foundation of shellcode knowledge and enable you to use it with Linux and Windows. This book helps you to explore simple to more complex examples of shellcode that are used by real advanced persistent threat (APT) groups. You'll get to grips with the components of shellcode and understand which tools are used when building shellcode, along with the automated tools that exist to create shellcode payloads. As you advance through the chapters, you'll become well versed in assembly language and its various components, such as registers, flags, and data types. This shellcode book also teaches you about the compilers and decoders that are used when creating shellcode. Finally, the book takes you through various attacks that entail the use of shellcode in both Windows and Linux environments.
By the end of this shellcode book, you'll have gained the knowledge needed to understand the workings of shellcode and build your own exploits by using the concepts explored.

What you will learn
  • Gain a thorough understanding of shellcode
  • Get to grips with assembly language and its key purpose in shellcode development
  • Identify key elements of memory registers
  • Explore debuggers and their use cases
  • Get up and running with hands-on shellcode creation for both Windows and Linux
  • Exploit Windows and Linux operating systems using shellcode
  • Assess countermeasures of Windows and Linux

Who this book is for

This book is for red teamers, penetration testers, and anyone looking to learn about shellcode and find out how it is used to break into systems by making use of simple to complex instructions of code in memory. Basic shellcode knowledge is helpful but not mandatory to understand the topics covered in this book.

Frequently asked questions

How do I cancel my subscription?
Simply go to the account section in settings and click on "Cancel subscription". It's as simple as that! Once you have cancelled your subscription, it will remain active for the rest of the period you have paid for.
Can I / how do I download books?
For now, all of our mobile-friendly ePub books can be downloaded via the app. Most of our PDFs are also available for download, and the rest will be downloadable very soon.
What is the difference between the pricing plans?
Both plans give you full access to the library and all of Perlego's features. The only differences are the price and the subscription period: with the annual plan, you save around 30% compared to 12 months of the monthly plan.
What is Perlego?
We are an online subscription service for academic books, where you can access an entire library for less than the price of a single book per month. With over a million books on more than 1,000 topics, we have what you need!
Do you support text-to-speech?
Look for the Listen symbol on your next book to see if you can listen to it. The Listen tool reads the text aloud for you, highlighting the passage currently being read. You can pause it, speed it up, or slow it down.
Is Offensive Shellcode from Scratch an online PDF/ePUB?
Yes, you can access Offensive Shellcode from Scratch by Rishalin Pillay in PDF and/or ePUB format, as well as other popular books in Computer Science and Operating Systems. We have over a million titles to discover in our catalogue.

Information

Year: 2022
ISBN: 9781803232867
Edition: 1

Section 1: Shellcode

This section focuses on getting you familiar with shellcode, the various components of shellcode, and more importantly, how shellcode can be used in penetration testing.
This part of the book comprises the following chapters:
  • Chapter 1, The Ins and Outs of Shellcode
  • Chapter 2, Assembly Language
  • Chapter 3, Shellcode Tools and Resources

Chapter 1: The Ins and Outs of Shellcode

Welcome to the first chapter of the book, and more importantly, the start of your journey of learning about shellcode and how it can be applied in offensive security.
When you think about offensive security, the first thoughts that may come to mind are penetration testing, hacking, exploits, and so on. One thing that all of those have in common is the use of shellcode. Shellcode is extremely helpful – it can be used in various ways to either perform an exploit, obtain a reverse shell, or control the targeted computer, among other things.
When learning about something new, the best way is to start from the bottom up. This means that you need to get a good solid foundation of the topic and then add to that knowledge as you progress. It can be likened to building a house, where you start with the foundation and then work your way up to the roof. So, in this chapter, we will focus on gaining a good understanding of shellcode.
We will cover the following topics:
  • What is shellcode?
  • Breaking down shellcode
  • Exploring the common types of shellcode

What is shellcode?

The term shellcode was originally derived from its purpose: to spawn or create a reverse shell via the execution of code. It has nothing to do with shell scripting, which essentially entails writing scripts of bash commands to complete a task.
Shellcode interacts with the registers and functions of a program by directly manipulating the program in order to produce an outcome. Because of this low-level interaction, it is written in assembly language and then translated by an assembler into hexadecimal opcodes. We will cover assemblers and opcodes later in this chapter.
When a vulnerability is discovered, shellcode can be used to exploit that vulnerability. Depending on the complexity of the vulnerability, you may need only a few lines of code to exploit it. In other cases, the size of your shellcode can be quite substantial. The bottom line is that obtaining a reverse shell or a specific outcome with shellcode can sometimes be very lightweight, which makes for a very efficient attack, provided you supply the right input to the program.

Examples of shellcode

Let's take a look at a few samples. We will begin by looking at a simple piece of code that is written in C. The purpose of this code is to return a shell. The privilege level of the returned shell will depend on the privilege level of the target program at the time this shellcode is run. In simple terms, the newly spawned shell will inherit the same permissions as the target program:
#include <stdio.h>
#include <unistd.h>   /* execve() */

int main()
{
    char *args[2];
    args[0] = "/bin/sh";   /* argv[0] of the new process */
    args[1] = NULL;        /* the argument vector must be NULL-terminated */
    /* Replace the current process image with /bin/sh; the new shell
       inherits the privileges of the program that called execve(). */
    execve("/bin/sh", args, NULL);
    return 0;
}
Once this is compiled and modified further with an editor, it can be turned into input strings that can then be used against a vulnerable program to obtain a shell. Additional steps are required to make this piece of code usable.
Shellcode is often used with buffer overflow attacks. In its simplest terms, a buffer overflow happens when a program writes more data into memory than it has reserved. The end result is that the program may crash, overwrite data, or execute other code.
In the following piece of code, you will notice that the program expects an input of a certain number of characters. This is defined by the char input[12] declaration:
#include <stdio.h>

int main()
{
    char input[12];   /* 12 bytes: 11 characters plus the terminating NUL */
    printf("Please enter your password: ");
    // %s has no length limit: if the password is longer than the 12-byte
    // buffer, a buffer overflow will happen
    scanf("%s", input);
    printf("Your password is %s", input);
    return(0);
}
Because there is no input validation and the program has reserved only 12 bytes of memory for the input, if a string longer than 12 bytes is entered, the application will crash. This specific outcome may not be useful if you are looking to obtain a reverse shell, but it is useful if your intent is to cause the application to crash.
Using the logic of a buffer overflow, a carefully crafted piece of shellcode can exploit this vulnerability. The end result could be a specific attack such as a stack-based buffer overflow or a heap-based buffer overflow. We will cover these later in the book.
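To show what the missing input validation looks like when it is present, here is the same 12-byte password prompt with bounds checking added. This is an added example and not code from the book; the function names (copy_password_bounded, password_fits, read_password_line) and the INPUT_SIZE constant are this example's own. The key difference from the vulnerable program is that the length of the input is checked against the size of the buffer before anything is written into it, and a line that does not fit is rejected rather than spilled past the end of the array.

```c
#include <stdio.h>
#include <string.h>

#define INPUT_SIZE 12   /* same 12-byte buffer as the vulnerable program */

/* Bounded copy: returns 1 and fills dst when src (plus its NUL) fits in
   dstlen bytes, otherwise returns 0 and leaves dst as an empty string.
   This is exactly the check that scanf("%s", input) never performs. */
int copy_password_bounded(const char *src, char *dst, size_t dstlen)
{
    size_t n = strlen(src);
    if (dstlen == 0)
        return 0;
    if (n + 1 > dstlen) {      /* n characters + terminating NUL */
        dst[0] = '\0';
        return 0;
    }
    memcpy(dst, src, n + 1);
    return 1;
}

/* Convenience wrapper for the 12-byte case discussed in the text:
   an 11-character password fits, a 12-character one does not. */
int password_fits(const char *src)
{
    char buf[INPUT_SIZE];
    return copy_password_bounded(src, buf, sizeof buf);
}

/* Read one line from `in` into a fixed buffer. fgets() stops after
   dstlen-1 characters, so the buffer can never overflow. If the newline
   did not fit, the line was too long: drain the remainder so it cannot
   bleed into the next read, and report rejection. */
int read_password_line(char *dst, size_t dstlen, FILE *in)
{
    if (dstlen == 0 || !fgets(dst, (int)dstlen, in)) {
        if (dstlen) dst[0] = '\0';
        return 0;
    }
    size_t n = strlen(dst);
    if (n > 0 && dst[n - 1] == '\n') {
        dst[n - 1] = '\0';
        return 1;
    }
    /* No newline: either the last line of input without one, or a line
       longer than the buffer. Only the latter has more characters waiting. */
    int c = fgetc(in);
    if (c == EOF)
        return 1;
    while (c != EOF && c != '\n')   /* discard the overflowing tail */
        c = fgetc(in);
    dst[0] = '\0';
    return 0;
}

int main(void)
{
    char input[INPUT_SIZE];
    printf("Please enter your password: ");
    fflush(stdout);
    if (read_password_line(input, sizeof input, stdin))
        printf("Your password is %s\n", input);
    else
        printf("Password rejected: longer than %d characters\n", INPUT_SIZE - 1);
    return 0;
}
```

Compiled and run interactively, the program behaves like the original for short passwords and prints a rejection message instead of corrupting the stack for long ones. The same bounds discipline applies to any fixed-size buffer a program fills from untrusted input, whether it arrives via scanf, strcpy, or a network read.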
Now on to a more complex example of shellcode. In January 2021, a malware sample was shared with a research team at Check Point. This malware sample resembled a loader that belongs to a well-known APT group called Lazarus. This malware made use of a phishing attack that included a document loaded with a macro that was used as a job application on LinkedIn, a popular platform for professionals.
The macro in the document made use of Visual Basic for Applications (VBA) shellcode that did not contain suspicious APIs such as VirtualAlloc, WriteProcessMemory, or CreateThread. These APIs are usually detected by endpoint protection products since they relate to memory allocation, writing to memory, and starting a new CPU thread.
When this VBA macro was executed, it made use of a number of interesting techniques. Firstly, it created aliases of the various API calls so that its intent was less obvious. It then made use of calls such as HeapCreate and HeapAlloc to create an executable memory location. Later, it made use of functions such as FindImage, which employed the UuidFromStringA API on a list of hardcoded UUID values. UuidFromStringA ultimately writes to a pointer into the heap allocation, allowing the loader to decode data and write it to memory without making use of the more common functions such as memcpy or WriteProcessMemory. The following is a snippet of the shellcode; however, here it's executing the code to start up the Windows calculator appli...
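The detection lesson of this sample is that the absence of VirtualAlloc, WriteProcessMemory and CreateThread is not a clean bill of health: the quieter combination of Declare ... Alias bindings with HeapCreate, HeapAlloc and UuidFromStringA is itself a signature worth flagging. The following small static scanner over macro source text illustrates that idea. It is an added example, not code from the book or from Check Point; the function names, the two API lists, the scoring rule in macro_is_suspicious, and the constructed SAMPLE_MACRO and BENIGN_MACRO inputs are all this example's own.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

/* APIs that endpoint products commonly flag in macro code. */
static const char *COMMON_APIS[] = { "VirtualAlloc", "WriteProcessMemory", "CreateThread" };
/* The quieter heap/UUID path used by the loader described in the text. */
static const char *QUIET_APIS[]  = { "HeapCreate", "HeapAlloc", "UuidFromStringA" };

struct macro_findings {
    int common_hits;   /* distinct commonly flagged APIs referenced */
    int quiet_hits;    /* distinct heap/UUID APIs referenced */
    int alias_decls;   /* lines of the form Declare ... Alias "..." */
};

/* Case-insensitive search for needle within the first n bytes of hay
   (VBA identifiers are case-insensitive, so the scan must be too). */
static int ci_find(const char *hay, size_t n, const char *needle)
{
    size_t m = strlen(needle);
    if (m == 0 || n < m)
        return 0;
    for (size_t i = 0; i + m <= n; i++) {
        size_t j = 0;
        while (j < m && tolower((unsigned char)hay[i + j]) == tolower((unsigned char)needle[j]))
            j++;
        if (j == m)
            return 1;
    }
    return 0;
}

static int count_list_hits(const char *text, size_t n, const char **list, size_t count)
{
    int hits = 0;
    for (size_t i = 0; i < count; i++)
        if (ci_find(text, n, list[i]))
            hits++;
    return hits;
}

struct macro_findings scan_macro(const char *text)
{
    struct macro_findings f = { 0, 0, 0 };
    size_t n = strlen(text);
    f.common_hits = count_list_hits(text, n, COMMON_APIS, sizeof COMMON_APIS / sizeof *COMMON_APIS);
    f.quiet_hits  = count_list_hits(text, n, QUIET_APIS,  sizeof QUIET_APIS  / sizeof *QUIET_APIS);

    /* Count Declare ... Alias lines: this is how a macro binds an innocuous
       local name to a real DLL export, hiding the API name from casual review. */
    const char *line = text;
    while (*line) {
        const char *nl = strchr(line, '\n');
        size_t len = nl ? (size_t)(nl - line) : strlen(line);
        if (ci_find(line, len, "Declare") && ci_find(line, len, "Alias"))
            f.alias_decls++;
        if (!nl)
            break;
        line = nl + 1;
    }
    return f;
}

/* Scoring rule (this example's own choice): any commonly flagged API is
   suspicious on its own; otherwise, two or more of the quiet APIs combined
   with at least one aliased declaration is treated as suspicious. */
int macro_is_suspicious(const struct macro_findings *f)
{
    if (f->common_hits > 0)
        return 1;
    return f->quiet_hits >= 2 && f->alias_decls > 0;
}

int macro_text_is_suspicious(const char *text)
{
    struct macro_findings f = scan_macro(text);
    return macro_is_suspicious(&f);
}

/* Constructed sample resembling the aliasing pattern described above. */
static const char SAMPLE_MACRO[] =
    "Private Declare PtrSafe Function hc Lib \"kernel32\" Alias \"HeapCreate\" (ByVal f As Long, ByVal i As LongPtr, ByVal m As LongPtr) As LongPtr\n"
    "Private Declare PtrSafe Function ha Lib \"kernel32\" Alias \"HeapAlloc\" (ByVal h As LongPtr, ByVal f As Long, ByVal b As LongPtr) As LongPtr\n"
    "Private Declare PtrSafe Function ufs Lib \"rpcrt4\" Alias \"UuidFromStringA\" (ByVal s As String, ByVal u As LongPtr) As Long\n"
    "Sub AutoOpen()\n"
    "    ' constructed sample: body intentionally omitted\n"
    "End Sub\n";

/* Constructed benign macro for comparison. */
static const char BENIGN_MACRO[] =
    "Sub Hello()\n"
    "    MsgBox \"Hello\"\n"
    "End Sub\n";

int main(void)
{
    struct macro_findings f = scan_macro(SAMPLE_MACRO);
    printf("common=%d quiet=%d alias=%d suspicious=%d\n",
           f.common_hits, f.quiet_hits, f.alias_decls, macro_is_suspicious(&f));
    return 0;
}
```

A scanner this simple is easy to evade (string concatenation, obfuscated names), so in practice it belongs alongside behavioural monitoring of what the Office process does at runtime; the point here is only that the API set the loader chose to avoid detection is itself a detectable pattern.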

Table of contents

  1. Offensive Shellcode from Scratch
  2. Contributors
  3. Preface
  4. Section 1: Shellcode
  5. Chapter 1: The Ins and Outs of Shellcode
  6. Chapter 2: Assembly Language
  7. Chapter 3: Shellcode Tools and Resources
  8. Section 2: Writing Shellcode
  9. Chapter 4: Developing Shellcode for Windows
  10. Chapter 5: Developing Shellcode for Linux
  11. Section 3: Countermeasures and Bypasses
  12. Chapter 6: Countermeasures and Bypasses
  13. Other Books You May Enjoy
Citation styles for Offensive Shellcode from Scratch

APA 6 Citation

Pillay, R. (2022). Offensive Shellcode from Scratch (1st ed.). Packt Publishing. Retrieved from https://www.perlego.com/book/3468754/offensive-shellcode-from-scratch-pdf (Original work published 2022)

Chicago Citation

Pillay, Rishalin. (2022) 2022. Offensive Shellcode from Scratch. 1st ed. Packt Publishing. https://www.perlego.com/book/3468754/offensive-shellcode-from-scratch-pdf.

Harvard Citation

Pillay, R. (2022) Offensive Shellcode from Scratch. 1st edn. Packt Publishing. Available at: https://www.perlego.com/book/3468754/offensive-shellcode-from-scratch-pdf (Accessed: 15 October 2022).

MLA 7 Citation

Pillay, Rishalin. Offensive Shellcode from Scratch. 1st ed. Packt Publishing, 2022. Web. 15 Oct. 2022.