x86 Linux Egg hunter

This is a small post regarding egg hunting on x86 Linux systems. I’d highly recommend you to read skape’s paper “Safely Searching Process Virtual Address Space” . He has described his techniques for Linux and Windows systems. I will be using one of his implementations.  I will use the access system call which is 33 for IA-32.

#define __NR_access              33

The access system call can be used the check whether the calling process can access the file.

#include <unistd.h>
int access(const char *pathname, int mode);

This is the x86 assembly implementation of the hunger code. It will search the virtual address space for our tag “AAAA” and begin execution of our shellcode. I am not going to explain this implementation. You can refer to skape’s document in higher detail.

(more…)

Advertisements

Chmod 0777 Polymorphic Shellcode

This is my first hand written shellcode for linux which I wrote it for fun and exploration. I am a bit new to shellcoding in *nix environments. This shellcode changes the permission of the shadow file in linux/x86 system to 0777. According to the Linux programmer’s manual of chmod it takes two arguments.

#include <sys/stat.h>

int chmod(const char *path, mode_t mode);

(more…)