SLAE64 - Metasploit analysis

The fifth assignment of the SLAE64 exam states:

  • Take up at least 3 shellcode samples created using Msfvenom (née Msfpayload) for linux/x86_64
  • Use GDB to dissect the functionality of the shellcode
  • Document your analysis

One thing that immediately stands out is the relative lack of diversity when it comes …




SLAE64 - Custom Encoder

The fourth assignment of the SLAE64 exam states:

  • Create a custom encoding scheme like the "insertion encoder" we showed you
  • PoC with using execve-stack as the shellcode to encode with your schema and execute

For this assignment I wrote a script which supports two encoders and it can also help …




SLAE64 - Egg Hunter

The third assignment of the SLAE64 exam states:

  • Study about the Egg Hunter shellcode
  • Create a working demo of the Egg Hunter
  • It should be configurable for different payloads

I for one had not heard before of the concept of an egg hunter so a little searching around led me …




SLAE64 - Reverse TCP shellcode

The second assignment of the SLAE64 exam states:

  • Create a Shell_Reverse_TCP shellcode:
    • Reverse connects to configured IP and port
    • Needs a "passcode"
    • If passcode is correct then execute a shell
  • Remove 0x00 from the Reverse TCP shellcode discussed in the course

Reverse TCP shellcode

This is quite a lot simpler …




SLAE64 - Bind TCP shellcode

The first assignment of the SLAE64 exam states:

  • Create a Shell_Bind_TCP shellcode:
    • Binds to a port
    • Needs a "passcode"
    • If passcode is correct then execute a shell
  • Remove 0x00 from the Bind TCP shellcode discussed in the course

Shell Bind TCP shellcode

The first assignment is to create a shell …




nasm on OpenBSD

Recently I decided to study for the SLAE64 course from Pentester Academy to work on my assembly knowledge, specifically on x86_64. Though the course does focus on Linux, I want to apply the knowledge to OpenBSD/amd64 too and thus I installed NASM and looked at what I needed to …




Setting up NetBox on OpenBSD

The following documents the steps needed to set up NetBox on OpenBSD. I am running NetBox on a PC Engines APU which holds up fairly well and I have since migrated my own setup from RackTables to NetBox, primarily because of the API functionality NetBox offers which allows for integration with …




Salt managed TLS files

When managing configuration for various services, you'll (hopefully) end up having to install TLS certificates at some point. Instead of having to come up with the same logic in various modules, roles or formulas I've had an Ansible role for a while that bundled all the logic into a single …




Consul with SMF on Solaris

Whilst setting up consul on SmartOS I noticed the packages distributed through pkgsrc were lagging behind a bit and the upstream "distribution" contains only the consul binary.

Running consul -dev in a tmux window will get boring pretty quickly, so I came up with the following SMF manifest using …




Ansible modules for SmartOS imgadm and vmadm

As mentioned in an earlier post, I'd been working on two new Ansible modules, for imgadm(1M) and vmadm(1M). So here I want to demonstrate these new modules, which will be part of Ansible 2.3.

imgadm

The imgadm module allows for managing both images and data sources. Let's …