Shellcode Analysis x86 - SLAE Assignment 0x5

Before we start, I would like to bring your attention to the SLAE course from SecurityTube, which will help you learn shellcoding -

We all use Metasploit in our daily pentest engagements, so let's break down some of the shellcode that ships with Metasploit.

Analysis:
1. linux/x86/chmod
2. linux/x86/exec
3. linux/x86/read_file

1. linux/x86/chmod -
msfvenom -p linux/x86/chmod -f raw | ndisasm -u -
msfvenom -p linux/x86/chmod -f c
msfvenom -p linux/x86/chmod -f raw | sctest -vvv -Ss 100000 -G chmod.dot
dot -Tpng chmod.dot -o chmod.png

2. linux/x86/exec -
msfvenom -p linux/x86/exec CMD=ls FILE=tmp.bin -f raw | ndisasm -u -
msfvenom -p linux/x86/exec CMD=ls -f c
msfvenom -p linux/x86/exec CMD=ls FILE=tmp.bin -f raw | /opt/libemu/bin/sctest -vvv -Ss 100000 -G exec.dot
dot -Tpng exec.dot -o exec.png

3. linux/x86/read_file -
msfvenom -p linux/x86/shell/reverse_tcp -f raw | ndisasm -u -
msfvenom -p linux/x86/shell/reverse_tcp -f c
msfvenom -p linux/x86/shell/reverse_tcp -f raw | /opt/libemu/bin/sctest -vvv -Ss 100000 -G rev.dot
dot -Tpng rev.dot -o rev.png

(sctest's -G option takes the name of the dot file to write; -S reads the shellcode from stdin and -s 100000 caps the number of emulated steps. The dot file is then rendered to PNG with Graphviz.)
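Before handing a payload to sctest, a quick static pass over the `-f c` output is worth doing: it recovers the raw bytes, flags null bytes (a bad character for most string-based delivery), and lists the offsets of each `int 0x80` so they can be matched against the ndisasm listing. This is an added example written for this post, not code from the post itself or from Metasploit; it uses only the Python standard library and a constructed five-byte sample standing in for real msfvenom output.

```python
import re

# Constructed sample in the shape msfvenom prints with "-f c": an
# `unsigned char buf[]` built from "\xNN" string literals. The bytes are a
# minimal exit-style stub (xor eax,eax; inc eax; int 0x80), NOT a real
# Metasploit payload.
SAMPLE_C_OUTPUT = r'''unsigned char buf[] = 
"\x31\xc0\x40"
"\xcd\x80";
'''

# One double-quoted run of \xNN escapes, and one escape within it.
STRING_LITERAL = re.compile(r'"((?:\\x[0-9a-fA-F]{2})*)"')
HEX_ESCAPE = re.compile(r'\\x([0-9a-fA-F]{2})')
# Encoding of `int 0x80`, the 32-bit Linux syscall gate ndisasm shows as "int 0x80".
INT80 = re.compile(rb'\xcd\x80')


def parse_c_buf(text: str) -> bytes:
    """Join every \\xNN escape found in the quoted pieces of msfvenom's C
    output back into the raw shellcode bytes (line breaks between literals
    are ignored, as the C compiler would ignore them)."""
    raw = bytearray()
    for literal in STRING_LITERAL.findall(text):
        raw.extend(int(h, 16) for h in HEX_ESCAPE.findall(literal))
    return bytes(raw)


def triage(shellcode: bytes) -> dict:
    """Static facts to note before emulating: total size, number of null
    bytes, and the byte offset of each int 0x80, which lines up with the
    offsets in `ndisasm -u` output."""
    return {
        "length": len(shellcode),
        "null_bytes": shellcode.count(0),
        "int80_offsets": [m.start() for m in INT80.finditer(shellcode)],
    }


if __name__ == "__main__":
    sc = parse_c_buf(SAMPLE_C_OUTPUT)
    print(sc.hex(), triage(sc))
```

Pipe the real `msfvenom ... -f c` text into `parse_c_buf` to get the same summary for the chmod, exec and reverse_tcp payloads above.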

This blog post has been created for completing the requirements of the SecurityTube Linux Assembly Expert certification: 

Student-ID: SLAE-1219
