
Basic Shellcode Analysis

Analyzing a shellcode is always instructive: it gives the penetration tester hints about what the shellcode contains and which techniques it uses, and it also keeps them from running a destructive shellcode by mistake.

After a few searches on the Internet I found a pastebin page to illustrate my example.

The page linked (here) claims to offer a 0-day exploit for OpenSSH 5.7. It gives no instructions and only displays a short C program to compile with GCC on a Linux machine. The code is shown below:

The exploit looks legitimate at first glance, and I guess a lot of people ran it on their own machine without looking inside it. Before executing such an exploit, this is what they should have done, and it is what you should always do!

  • Analyse it without executing it

Below you can see how to reverse the shellcode with Perl or Python:

or in Python

And this is the result that you should obtain:

As shown in the table above, the code tries to run “rm -Rf” on our hard drive and delete everything!
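As an added example (not the author's Perl or Python snippet), the same check in Python: it decodes the escapes of a C string literal into raw bytes, pulls out the printable runs the way `strings` would, and flags commands that an exploit for a remote service has no business carrying. The shellcode bytes are a constructed sample, not the pastebin code.

```python
import re

# Constructed sample (not the pastebin "0day"): C string literals whose
# escaped bytes hide "rm -Rf /" between opcode-looking bytes, plus a
# harmless "/bin/sh" string to show that only real hits are reported.
SAMPLE_SHELLCODE = (
    '"\\x31\\xc0\\xeb\\x1b"'                              # filler bytes
    '"\\x72\\x6d\\x20\\x2d\\x52\\x66\\x20\\x2f\\x00"'     # "rm -Rf /\0"
    '"\\x2f\\x62\\x69\\x6e\\x2f\\x73\\x68\\x00"'          # "/bin/sh\0"
)

_ESC = re.compile(r'\\x([0-9a-fA-F]{1,2})|\\([0-7]{1,3})|\\(.)', re.S)
_SIMPLE = {'n': 10, 't': 9, 'r': 13, 'a': 7, 'b': 8, 'f': 12, 'v': 11}

def decode_c_literal(literal: str) -> bytes:
    """Turn one or more adjacent C string literals into the raw bytes
    the compiler would emit, resolving \\xHH, octal and simple escapes."""
    out = bytearray()
    for piece in re.findall(r'"((?:[^"\\]|\\.)*)"', literal, re.S):
        pos = 0
        for m in _ESC.finditer(piece):
            out += piece[pos:m.start()].encode('latin-1')
            if m.group(1) is not None:          # \xHH
                out.append(int(m.group(1), 16))
            elif m.group(2) is not None:        # \NNN octal
                out.append(int(m.group(2), 8) & 0xFF)
            else:                               # \n, \", \\ ...
                out.append(_SIMPLE.get(m.group(3), ord(m.group(3))))
            pos = m.end()
        out += piece[pos:].encode('latin-1')
    return bytes(out)

def printable_strings(data: bytes, min_len: int = 4) -> list:
    """Same idea as the `strings` tool: runs of printable ASCII."""
    return [m.group().decode('ascii')
            for m in re.finditer(rb'[\x20-\x7e]{%d,}' % min_len, data)]

# Signatures of destructive or otherwise unexpected behaviour for an
# "exploit" that is supposed to target a remote service, not your disk.
DANGEROUS = [
    (re.compile(r'\brm\s+-(rf|fr|Rf|fR|r|R)\b'), 'recursive delete'),
    (re.compile(r'\b(dd\s+if=|mkfs)'), 'disk overwrite'),
    (re.compile(r'\b(wget|curl)\b.*\|\s*(ba)?sh\b'), 'download and execute'),
]

def audit(literal: str) -> list:
    """Decode the literal and report (string, reason) for each hit."""
    hits = []
    for s in printable_strings(decode_c_literal(literal)):
        for pattern, reason in DANGEROUS:
            if pattern.search(s):
                hits.append((s, reason))
    return hits
```

Run `audit()` on the literal copied out of the C file; an empty list only means no known signature matched, so still read the extracted strings yourself.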

That is why it is important to always reverse the shellcode you are about to use beforehand!
