SLAE32 Assignment 2 - TCP Reverse-Shell Shellcode

Overview For our second assignment in the SLAE32 course we were tasks with creating reverse shell, shellcode. What is a reverse shell? A reverse shell is a program that is executed on a victim device, and connects to a remote host. Once the victim connects to the remote host, the victim executes an interactive shell within the connection. Input and Output of the reverse shell program is passed to the remote host, allowing the remote host to execute commands as if they were physically connected to the terminal. After writting the first bind shell, shellcode I felt I had a grasp on Assembly, and skipped right into creating the shellcode. Creating the Assembly Shellcode 1. Create the Socket. C Function int socket(int domain, int type, int protocol); Our C Function <socketcall> socket(PF_INET, SOCK_STREAM, IPPROTO_TCP) = 3 EAX=0x66 EBX ECX[0] ECX[1] ECX[2] EAX = 0x66 = 102 System Call socketcall 102 EBX = 0x1 = socket() Value of EBX Register for socketcall to create a new socket. ECX[0] = int domain = AF_INET = PF_INET = 0x2 Finding the value for PF_INET. cat /usr/src/linux-headers-$(uname -r)/include/linux/net.h SOCK_STREAM = 1 cat /usr/include/i386-linux-gnu/bits/socket.h #define AF_INET PF_INET #define PF_INET 2 We see that AF_INET is mapped to PF_INET ECX[1] - int type = SOCK_STREAM = 0x1 ECX[2] = int protocol = 0