64-bit shellcoding and introduction to buffer overflow exploitation on Linux is a 3-hour workshop divided into 3 parts:
Introduction to 64-bit architecture, to get familiar with the registers, stack and calling conventions described in the Intel 64 (x86-64) architecture manual, and with the most common assembly instructions and syscalls, which we will later use to write our shellcode.
Shellcoding, where we try different techniques for writing shellcode. You will of course get to greet the shellcoding world with your own Hello World shellcode, in addition to a reverse shell, which we will use later in part 3.
Introduction to buffer overflows, so you can put your newly received know-how about the stack into practise right away. Shellcode that is never used is wasted shellcode! Part 3 ends with a buffer overflow challenge where your goal is to use your reverse shellcode to get a connection back to your machine.
- we will get to use command line tools like nasm, objdump, ld, ausyscall, and gdb
- we will learn how to find global and local variables using gdb and identify the corresponding sections, navigate in functions and examine memory in gdb
- we will learn the basics of assembly language instructions, how to write our own assembly programs, and get familiar with the basics of x86-64 architecture
- using syscalls in shellcoding
- JMP technique when writing shellcode
- introduction to stack based buffer overflows
Participants are expected to either build their own Ubuntu 16.04 VMs per the given instructions or simply download the ready-made machine provided for them and import it into VirtualBox.
Participants should bring:
If you want to prepare your machine yourself, get the Ubuntu 16.04.6 Xenial 64-bit VM from osboxes.org/ubuntu/ and follow the instructions. If you prefer a ready-made machine which you can just import into VirtualBox, download the .OVA file from preview.tinyurl.com/yxnkek9j
Participants must know or have:
It is an introductory course, so no knowledge of assembly, shellcoding or buffer overflows is needed, though it is of course helpful. However, students should be able to use VirtualBox to set up their own Ubuntu 16.04 VM or import the one given by me before the workshop.
Silvia Väli, Pentester, Clarified Security
I am currently working as a web application pentester at Clarified Security, which is based in Estonia. Shellcoding, assembly language and understanding the x86-64 bit architecture on its own is something I do for fun aside from also running the TallinnSec IT security meetups in Tallinn, Estonia.