Thursday, January 18, 2024

Emulating Shellcodes - Chapter 1

There are many basic shellcodes that can be emulated from beginning to end, yielding IOCs such as where the shellcode connects. But what can we do when the emulation gets stuck at some point?

The console has many tools to interact with the emulator as if it were a debugger, but the shellcode is not really being executed, so it is safer than a debugger.

target/release/scemu -f ~/Downloads/shellcodes_matched/drv_shellcode.bin -vv


In some shellcodes the emulator emulates millions of instructions without problems, but in this case there is a crash at instruction number 176: [esp + 30h] contains an unexpected 0xffffffff.

There are two ways to trace memory: trace all memory operations with -m, or inspect a specific location with -i, which accepts register-based expressions for the memory location:

target/release/scemu -f ~/Downloads/shellcodes_matched/drv_shellcode.bin -i 'dword ptr [esp + 0x30]'


Now we know that the value 0xffffffff is set at instruction 174.

But we have more control if we start the console at the first instruction with -c 1 and set a memory breakpoint on write.




This "dec" instruction turns the zero into 0xffffffff, and instruction 90 is what actually changes the stack value.

Let's trace the eax register to see whether it is some kind of counter or what it is doing.


target/release/scemu -f ~/Downloads/shellcodes_matched/drv_shellcode.bin --reg eax


Eax is not a counter: it is loaded with hardcoded values, which probably make up an API name:
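As an added example (not code from the original post, nor from the scemu project), the following Python script shows the two usual ways to make sense of such hardcoded values in a register trace: consecutive printable dwords are decoded back into the API name string the shellcode builds on the stack (pushes arrive last-chunk-first, so the run is read in reverse), and non-printable values are checked against ROR13 API hashes of the kind Metasploit's block_api resolves at runtime. The trace layout in SAMPLE_TRACE is constructed for the example and is not scemu's real --reg output; the candidate API list is an assumption to extend for the sample at hand.

```python
"""Make sense of the hardcoded values a register trace shows (added example).

Two patterns that produce "magic" 32-bit immediates in Windows shellcode:
  1. An API name is assembled on the stack from 4-byte chunks, e.g.
         push 0x41797261   ; "aryA"
         push 0x7262694C   ; "Libr"
         push 0x64616F4C   ; "Load"   -> "LoadLibraryA" at [esp]
  2. The API is identified by a hash of module and function name that the
     shellcode resolves at runtime; the ROR13 scheme from Metasploit's
     block_api is the most common one and is reimplemented here.
"""
import re
import struct
from typing import Dict, List, Optional, Tuple

# Constructed sample trace. The "<insn> eax=0x..." layout is invented for this
# example and is NOT scemu's real --reg output; only the values matter.
SAMPLE_TRACE = """\
87 eax=0x41797261
88 eax=0x7262694c
89 eax=0x64616f4c
90 eax=0x0726774c
91 eax=0xffffffff
"""

# (module, function) pairs to hash for the lookup table (assumed list; extend it).
CANDIDATE_APIS = [
    ("kernel32.dll", "LoadLibraryA"),
    ("kernel32.dll", "GetProcAddress"),
    ("kernel32.dll", "VirtualAlloc"),
    ("kernel32.dll", "ExitProcess"),
    ("kernel32.dll", "CreateProcessA"),
    ("kernel32.dll", "WaitForSingleObject"),
    ("ws2_32.dll", "WSAStartup"),
    ("ws2_32.dll", "WSASocketA"),
    ("ws2_32.dll", "connect"),
    ("ws2_32.dll", "recv"),
]


def parse_trace(text: str, reg: str = "eax") -> List[int]:
    """Pull every '<reg>=0x...' value out of a trace, in trace order."""
    pattern = re.compile(rf"\b{re.escape(reg)}\s*=\s*0x([0-9a-fA-F]{{1,8}})", re.I)
    return [int(m.group(1), 16) for m in pattern.finditer(text)]


def ror32(value: int, count: int) -> int:
    """Rotate a 32-bit value right by count bits."""
    count %= 32
    return ((value >> count) | (value << (32 - count))) & 0xFFFFFFFF


def ror13_api_hash(module: str, function: str) -> int:
    """ROR13 hash as used by Metasploit block_api: the module name is hashed as
    upper-case UTF-16LE including its two-byte null terminator, the function
    name as ASCII including its null terminator; the two sums are added."""
    mod_hash = 0
    for byte in (module.upper() + "\0").encode("utf-16-le"):
        mod_hash = (ror32(mod_hash, 13) + byte) & 0xFFFFFFFF
    fn_hash = 0
    for byte in (function + "\0").encode("ascii"):
        fn_hash = (ror32(fn_hash, 13) + byte) & 0xFFFFFFFF
    return (mod_hash + fn_hash) & 0xFFFFFFFF


def dword_ascii(value: int) -> Optional[str]:
    """Return the dword as 4 printable ASCII chars (little-endian) or None."""
    raw = struct.pack("<I", value)
    if all(0x20 <= b < 0x7F for b in raw):
        return raw.decode("ascii")
    return None


def recover_strings(values: List[int], min_chunks: int = 2) -> List[Tuple[str, str]]:
    """Group consecutive printable dwords into runs and decode each run twice:
    in push order (the last chunk pushed is the start of the string, so the
    run is reversed) and in forward order (mov [edi], eax / add edi, 4 style)."""
    results: List[Tuple[str, str]] = []
    run: List[str] = []

    def flush() -> None:
        if len(run) >= min_chunks:
            results.append(("".join(reversed(run)), "".join(run)))
        run.clear()

    for value in values:
        chunk = dword_ascii(value)
        if chunk is None:
            flush()
        else:
            run.append(chunk)
    flush()
    return results


def resolve_hashes(values: List[int]) -> Dict[int, str]:
    """Map trace values that equal a known API hash to 'module!function'."""
    table = {ror13_api_hash(m, f): f"{m}!{f}" for m, f in CANDIDATE_APIS}
    return {v: table[v] for v in values if v in table}


if __name__ == "__main__":
    values = parse_trace(SAMPLE_TRACE)
    for pushed, forward in recover_strings(values):
        print(f"string run: push-order={pushed!r} forward={forward!r}")
    for value, name in resolve_hashes(values).items():
        print(f"hash 0x{value:08x} -> {name}")
```

Feed the script the register values from the emulator trace instead of SAMPLE_TRACE (adjust the regex in parse_trace to the real line format). A run of printable dwords that reads as a name in one of the two orders tells you which API is being prepared; a non-printable value that matches a hash tells you the shellcode resolves imports by hash, and the candidate list then becomes the place to add the APIs you expect for that family.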


In this case the shellcode depends on previous state and would also crash in a debugger because of the register values; this is just an example of how to operate in cases where the shellcode is not fully emulated.

In the next chapter we will see how to unpack and dump to disk using the emulator.


Related articles

Odysseus


"Odysseus is a tool designed for testing the security of web applications. Odysseus is a proxy server, which acts as a man-in-the-middle during an HTTP session. A typical HTTP proxy will relay packets to and from a client browser and a web server. Odysseus will intercept an HTTP session's data in either direction and give the user the ability to alter the data before transmission. For example, during a normal HTTP SSL connection a typical proxy will relay the session between the server and the client and allow the two end nodes to negotiate SSL. In contrast, when in intercept mode, Odysseus will pretend to be the server and negotiate two SSL sessions, one with the client browser and another with the web server."

Download: http://www.bindshell.net/tools/odysseus




Fragroute


"fragroute intercepts, modifies, and rewrites egress traffic destined for a specified host, implementing most of the attacks described in the Secure Networks "Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection" paper of January 1998. It features a simple ruleset language to delay, duplicate, drop, fragment, overlap, print, reorder, segment, source-route, or otherwise monkey with all outbound packets destined for a target host, with minimal support for randomized or probabilistic behaviour. This tool was written in good faith to aid in the testing of network intrusion detection systems, firewalls, and basic TCP/IP stack behaviour."

Website: http://monkey.org/~dugsong/fragroute
