Offensive Shellcode from Scratch
eBook - ePub
Rishalin Pillay

  1. 208 pages
  2. English
  3. ePUB (available in the app)
  4. Available on iOS and Android

About the book

Gain practical knowledge of shellcode and leverage it to develop shellcode for Windows and Linux operating systems, while understanding the countermeasures in place and how these can be bypassed.

Key Features
  • Get up and running with shellcode fundamentals
  • Develop shellcode for Windows and Linux
  • Understand the building blocks of shellcode

Book Description
Shellcoding is a technique that is executed by many red teams and used in penetration testing and real-world attacks. Books on shellcode can be complex, and writing shellcode is perceived as a kind of "dark art." Offensive Shellcode from Scratch will help you to build a strong foundation of shellcode knowledge and enable you to use it with Linux and Windows. This book helps you to explore simple to more complex examples of shellcode that are used by real advanced persistent threat (APT) groups. You'll get to grips with the components of shellcode and understand which tools are used when building shellcode, along with the automated tools that exist to create shellcode payloads. As you advance through the chapters, you'll become well versed in assembly language and its various components, such as registers, flags, and data types. This shellcode book also teaches you about the compilers and decoders that are used when creating shellcode. Finally, the book takes you through various attacks that entail the use of shellcode in both Windows and Linux environments.
By the end of this shellcode book, you'll have gained the knowledge needed to understand the workings of shellcode and build your own exploits by using the concepts explored.

What you will learn
  • Gain a thorough understanding of shellcode
  • Get to grips with assembly language and its key purpose in shellcode development
  • Identify key elements of memory registers
  • Explore debuggers and their use cases
  • Get up and running with hands-on shellcode creation for both Windows and Linux
  • Exploit Windows and Linux operating systems using shellcode
  • Assess countermeasures of Windows and Linux

Who this book is for
This book is for red teamers, penetration testers, and anyone looking to learn about shellcode and find out how it is used to break into systems by making use of simple to complex instructions of code in memory. Basic shellcode knowledge is helpful but not mandatory to understand the topics covered in this book.


Information

Year
2022
ISBN
9781803232867
Edition
1

Section 1: Shellcode

This section focuses on getting you familiar with shellcode, the various components of shellcode, and more importantly, how shellcode can be used in penetration testing.
This part of the book comprises the following chapters:
  • Chapter 1, The Ins and Outs of Shellcode
  • Chapter 2, Assembly Language
  • Chapter 3, Shellcode Tools and Resources

Chapter 1: The Ins and Outs of Shellcode

Welcome to the first chapter of the book, and more importantly, the start of your journey of learning about shellcode and how it can be applied in offensive security.
When you think about offensive security, the first thoughts that may come to mind are penetration testing, hacking, exploits, and so on. One thing that all of those have in common is the use of shellcode. Shellcode is extremely helpful – it can be used in various ways to either perform an exploit, obtain a reverse shell, or control the targeted computer, among other things.
When learning about something new, the best way is to start from the bottom up. This means that you need to get a good solid foundation of the topic and then add to that knowledge as you progress. It can be likened to building a house, where you start with the foundation and then work your way up to the roof. So, in this chapter, we will focus on gaining a good understanding of shellcode.
We will cover the following topics:
  • What is shellcode?
  • Breaking down shellcode
  • Exploring the common types of shellcode

What is shellcode?

The term shellcode derives from its original purpose: spawning a shell, often a reverse shell, by executing code. It has nothing to do with shell scripting, which essentially entails writing scripts of bash commands to complete a task.
Shellcode interacts with the registers and functions of a program by directly manipulating the program in order to produce an outcome. Because it works at this level, it is written in assembly language and then assembled into opcodes, which are usually represented as hexadecimal bytes. We will cover assemblers and opcodes later in this chapter.
When a vulnerability is discovered, shellcode can be used to exploit that vulnerability. Depending on the complexity of the vulnerability, a few lines of code may be enough to exploit it; in other cases, the shellcode can be quite substantial. The bottom line is that obtaining a reverse shell or another specific outcome with shellcode can sometimes be very lightweight, which makes for a very efficient attack, provided the right input is delivered to the program.

Examples of shellcode

Let's take a look at a few samples. We will begin by looking at a simple piece of code written in C. The purpose of this code is to return a shell. The privilege level of the returned shell will depend on the privilege level of the target program at the time this shellcode is run. In simple terms, the newly spawned shell will inherit the same permissions as the target program:

    #include <stdio.h>
    #include <unistd.h>   /* execve() */

    int main(void)
    {
        char *args[2];
        args[0] = "/bin/sh";   /* argv[0] of the new shell */
        args[1] = NULL;        /* argv must be NULL-terminated */
        execve("/bin/sh", args, NULL);   /* replaces this process with /bin/sh */
        return 0;
    }

Once this is compiled and modified further with an editor, it can be turned into an input string that is fed to a vulnerable program to obtain a shell. Additional steps are required to make this piece of code usable as shellcode.
Shellcode is often used with buffer overflow attacks. In its simplest terms, a buffer overflow happens when a program writes more data into memory than has been reserved for it. The end result is that the program may crash, overwrite data, or execute other code.
In the following piece of code, you will notice that the program expects an input of a certain number of characters. This is defined by the char input[12] declaration:
    #include <stdio.h>

    int main(void)
    {
        char input[12];
        printf("Please enter your password: ");
        // No length limit: a password of 12 or more characters (plus the
        // terminating NUL) overflows the 12-byte buffer
        scanf("%s", input);
        printf("Your password is %s", input);
        return(0);
    }

Because there is no input validation and the program has reserved 12 bytes of memory for the input, if a string of data longer than 12 bytes is entered, then the application will crash. This specific action may not be useful if you are looking to obtain a reverse shell, but it is useful if your intent is to cause an application to crash.
Using the logic of a buffer overflow, a carefully crafted piece of shellcode can exploit this vulnerability. The end result could be a specific attack such as a stack-based buffer overflow attack or a heap-based buffer overflow attack. We will cover these later in the book.
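As an added example, not taken from the book, here is the bounded counterpart of the vulnerable password read above: the same 12-byte buffer, but the read can never write past it, and the caller learns when input was too long instead of the program silently corrupting the stack. The function names read_password and read_from_string and the sample inputs are this example's own.

```c
#define _POSIX_C_SOURCE 200809L   /* for fmemopen() */
#include <stdio.h>
#include <string.h>
#define INPUT_LEN 12   /* same 12-byte buffer as the vulnerable program */
/* Hardened replacement for scanf("%s", input): writes at most cap bytes into
 * dst, always NUL-terminates, and returns 1 if the whole line fit or 0 if it
 * had to be truncated (the input that overflowed the original buffer).
 * Name and interface are this example's own, not the book's. */
int read_password(FILE *in, char *dst, size_t cap)
{
    int c, overflowed = 0;
    if (cap == 0)
        return 0;
    if (fgets(dst, (int)cap, in) == NULL) {   /* reads at most cap-1 bytes */
        dst[0] = '\0';
        return 0;
    }
    size_t n = strlen(dst);
    if (n > 0 && dst[n - 1] == '\n') {        /* complete line: drop newline */
        dst[n - 1] = '\0';
        return 1;
    }
    /* No newline: drain the rest of the line so the next read starts clean,
     * and remember that the input exceeded the buffer. */
    while ((c = fgetc(in)) != EOF && c != '\n')
        overflowed = 1;
    return !overflowed;
}
/* Run the same check on an in-memory string instead of stdin. */
int read_from_string(const char *line, char *dst, size_t cap)
{
    FILE *f = fmemopen((void *)line, strlen(line), "r");
    if (f == NULL)
        return -1;
    int ok = read_password(f, dst, cap);
    fclose(f);
    return ok;
}

int main(void)
{
    char input[INPUT_LEN];
    /* Constructed samples: one fits, one would have overflowed the original. */
    const char *samples[] = { "hunter2\n", "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n" };
    for (int i = 0; i < 2; i++) {
        int ok = read_from_string(samples[i], input, sizeof input);
        printf("%s: stored \"%s\"\n", ok ? "fits" : "too long, truncated", input);
    }
    return 0;
}
```

The same approach works with scanf by giving %s a width (scanf("%11s", input)), but fgets makes the bound explicit and lets the program reject over-long input rather than silently keep a prefix.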
Now on to a more complex example of shellcode. In January 2021, a malware sample was shared with a research team at Check Point. The sample resembled a loader belonging to a well-known APT group called Lazarus. It was delivered through a phishing attack: a document carrying a macro, posing as a job application on LinkedIn, a popular platform for professionals.
The macro in the document made use of Visual Basic for Applications (VBA) shellcode that did not contain suspicious APIs such as VirtualAlloc, WriteProcessMemory, or CreateThread. These APIs are usually flagged by endpoint protection products, since they relate to memory allocation, writing to memory, and starting a new CPU thread.
When this VBA macro was executed, it made use of a number of interesting techniques. Firstly, it created aliases for the various API calls so that its intent was less obvious. It then used calls such as HeapCreate and HeapAlloc to create an executable memory region. Later, it made use of a function named FindImage that called the UuidFromStringA API on a list of hardcoded UUID strings. UuidFromStringA writes the decoded UUID bytes to the pointer it is given, here an address in that heap allocation, so the macro could decode data and write it to memory without using the more common functions such as memcpy or WriteProcessMemory. The following is a snippet of the shellcode; however, here it's executing the code to start up the Windows calculator appli...

Table of contents

  1. Offensive Shellcode from Scratch
  2. Contributors
  3. Preface
  4. Section 1: Shellcode
  5. Chapter 1: The Ins and Outs of Shellcode
  6. Chapter 2: Assembly Language
  7. Chapter 3: Shellcode Tools and Resources
  8. Section 2: Writing Shellcode
  9. Chapter 4: Developing Shellcode for Windows
  10. Chapter 5: Developing Shellcode for Linux
  11. Section 3: Countermeasures and Bypasses
  12. Chapter 6: Countermeasures and Bypasses
  13. Other Books You May Enjoy
Citation styles for Offensive Shellcode from Scratch

APA 6 Citation

Pillay, R. (2022). Offensive Shellcode from Scratch (1st ed.). Packt Publishing. Retrieved from https://www.perlego.com/book/3468754/offensive-shellcode-from-scratch-pdf (Original work published 2022)

Chicago Citation

Pillay, Rishalin. (2022) 2022. Offensive Shellcode from Scratch. 1st ed. Packt Publishing. https://www.perlego.com/book/3468754/offensive-shellcode-from-scratch-pdf.

Harvard Citation

Pillay, R. (2022) Offensive Shellcode from Scratch. 1st edn. Packt Publishing. Available at: https://www.perlego.com/book/3468754/offensive-shellcode-from-scratch-pdf (Accessed: 15 October 2022).

MLA 7 Citation

Pillay, Rishalin. Offensive Shellcode from Scratch. 1st ed. Packt Publishing, 2022. Web. 15 Oct. 2022.