
Writing my first shellcode - internetwache
https://0day.work/writing-my-first-shellcode-iptables-p-input-accept/
======
dimdimdim
Here are 2 great courses to learn assembly and shellcoding:

[http://www.pentesteracademy.com/course?id=3](http://www.pentesteracademy.com/course?id=3)
[http://www.pentesteracademy.com/course?id=7](http://www.pentesteracademy.com/course?id=7)

There are many free videos in this collection.

~~~
bogomipz
You can only sign up with a Google G+ account? What a huge fail. That's
unfortunate.

------
sdegutis
So, having never heard of shellcode before, I assumed it was just another way
of saying shell script. But I scroll to the bottom and see

    (*(void(*)()) shellcode)();

and suddenly this looks way more interesting. Is it really possible to
literally just execute random bytes stored in a string like that? I mean,
sure, you'd have to guarantee that it's running on the right platform with the
right type of assembly, but still. This is fascinating! Plus, I don't even see
execve actually pushed anywhere! Is that because of int 0x80? Wow this stuff
is neat! I'm whelmed.

Aside, is there any way of using HN syntax to write that code inline (i.e. not
in its own paragraph) without the asterisks insisting that I mean italics?

~~~
ShaneWilton
Take a look at Microcorruption [0]. If this post intrigued you, I think you'd
really enjoy it.

It's a series of challenges by tptacek that task you with exploiting the
firmware for a digital smart lock. It starts out by assuming no knowledge,
with the first level literally just requiring that you read a memory dump, but
by the last level you'll be reverse engineering custom heap implementations,
injecting shellcode into ASLR'd binaries, and bypassing memory protections.

It really is the best introduction to this sort of material that I've ever
come across.

[0] [https://microcorruption.com](https://microcorruption.com)

~~~
hodwik
And the firmware hacking levels of Stockfighter will be out soon. Apparently
they're just waiting for the beta testers to beat the last two levels.

------
d33
Disabling the firewall on an attacked host sounds trivial to detect. Is there
any specific reason why you wouldn't deploy meterpreter instead?

~~~
Retr0spectrum
A properly configured firewall wouldn't allow anything except, for example,
inbound traffic on port 80. If you wanted to start some kind of reverse shell,
you would first need a hole in the firewall.

------
pseudo_ilya
Thank you for the article! Really helpful and easy to read. As a novice in
assembly, I got a few tricks.

