Amonsec

It's all about digital security.

A simple blog where you can find different things about digital security.

Encrypt / Decrypt Intel x86 shellcode with RC4 algorithm

INTRODUCTION

Disclaimer

  • I’m not a cryptanalyst;
  • My math knowledge is not awesome and
  • I’m not the creator of the RC4 algorithm.

In this last SLAE assignment blog post, we will discuss crypters and how we can create a C wrapper that encrypts and decrypts our shellcode.

Requirements:

  • Linux distribution, in my case Ubuntu 10.04 LTS (x86);
  • A mouse (not the animal) and
  • A java (not the programming language).

Polymorphism examples with Linux Intel x86 shellcodes

Introduction

In this post we will discuss polymorphism: what it is and why it's useful nowadays. For that, we are going to take three different shellcodes from the very well-known Shell Storm website and change them in order to have structurally different shellcodes with the same functionality.

Requirements

  • Linux distribution, in my case Ubuntu 10.04 LTS (x86)
  • A keyboard and
  • maybe some caffeine ?!


Metasploit Linux x86 Payloads Analysis

Introduction

This post will be slightly different from the other ones because here we will analyze shellcodes instead of writing them. It’s a really good exercise for learning how to use debuggers and disassemblers, since that will drastically help you understand what is going on in the low-level layers of a computer.
In order to cover multiple tools, I will use three different tools:

Requirements

  • Linux distribution, in my case Ubuntu 10.04 LTS (x86);
  • GDB installed;
  • Libemu installed;
  • Ndisasm installed;
  • Metasploit-framework (or download shellcode from my github repository) and
  • Have I ever talked about coffee?

Note that we will use different pre-written payloads from the very well-known pentest framework called Metasploit. This is the Holy Bible for exploits due to its huge popularity in the cyber security field. For more information about Metasploit, I highly recommend reading the awesome guide from Offensive Security called Metasploit Unleashed (MSFU) or going to the official Rapid7 website. Msfvenom is a component of the Metasploit-framework used for payload generation.

If you want to install Metasploit-framework on your Linux system, multiple tutorials are available:

Custom shellcode encoder/decoder with Intel x86

Introduction

An encoder is really useful for bypassing antivirus protections or, in more specific cases, for avoiding bad characters.
Tons of different encoders and their decoders can be found around the Web. The aim of this post is not to create a leet haxx0r encoder to bypass the most advanced antivirus or IDS (Intrusion Detection System), probably because I don’t have the knowledge to do so, but to understand the concept: what an encoder is, what a decoder is, and how to create your own.

Requirements

  • Linux distribution, in my case Ubuntu 10.04 LTS (x86);
  • Python 2.7 installed;
  • Nasm installed and
  • A cup of coffee (we always need a good coffee)

Egghunter with Intel x86

Introduction

In this post we will discuss this weird thing called an egghunter: what its purpose is and in which cases it is used. For that, this post is split into three parts.

  • Egghunter?! what da f*ck;
  • Egghunter from scratch and
  • Egghunter in a Windows exploit

What you need in order to reproduce the process:

  • A Linux x86 system (Kali Linux in my case)
  • Your brain (and maybe a cup of coffee or eight)

If you want to recreate the Windows exploit from scratch: