Offensive Shellcode from Scratch by Rishalin Pillay
Author: Rishalin Pillay
Language: eng
Format: epub
Publisher: Packt Publishing Pvt. Ltd.
Published: 2022-03-10T00:00:00+00:00
Backdooring PE files with shellcode
Portable executable (PE) files are widely used within many organizations. Examples of these files include archive managers such as 7zip, Sysinternals tools such as bginfo, and more.
Since these files can execute without being installed, they are a good target for shellcode injection. This technique is called backdooring. In this section, we will focus on backdooring the 7zip file manager portable executable. We will add our shellcode to a new memory section within the PE file. In order to showcase the capability without ASLR interference, I am using version 17.01, which can be downloaded here:
https://sourceforge.net/projects/sevenzip/files/7-Zip/
With the advancements in memory protections, many portable executable files now make use of Address Space Layout Randomization (ASLR). ASLR is a protection mechanism whereby memory addresses are randomized. We will cover ASLR in more detail in Chapter 6, Countermeasures and Bypasses.
You can verify whether ASLR is in use by a particular program by comparing its entry point address in a debugger across several launches (a fixed address means no ASLR), or you can utilize tools that check whether ASLR is being used. One such tool is a simple PowerShell utility called PESecurity. This tool can be downloaded from the following GitHub location: https://github.com/NetSPI/PESecurity.
Once you have downloaded the tool and imported the module, all you need to do is run the script using the following command:
Get-PESecurity -f filename
In the following screenshot, I have run this script on the 7zip file manager executable that we will use for the rest of this section:
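To show what an ASLR check like this actually inspects at the header level, here is an added example (not code from the book or from the PESecurity project) that parses a PE image's COFF and optional headers and section table. It reports the DllCharacteristics bits behind ASLR and DEP, and adds two checks a defender examining a possibly backdoored binary would want: whether relocations are stripped (in which case the DYNAMIC_BASE bit does not make the image relocatable in practice), and whether the entry point sits in a late, writable-and-executable section rather than in .text. The sample images are constructed in memory with a header-only builder so the script runs offline; `parse_pe`, `build_pe` and the sample names are my own and the section layouts are invented.

```python
import struct

# IMAGE_OPTIONAL_HEADER.DllCharacteristics bits (PE/COFF specification)
DYNAMIC_BASE = 0x0040     # image may be relocated at load time (ASLR opt-in)
HIGH_ENTROPY_VA = 0x0020  # 64-bit ASLR with high-entropy addresses
NX_COMPAT = 0x0100        # DEP / NX compatible
# IMAGE_FILE_HEADER.Characteristics bit
RELOCS_STRIPPED = 0x0001  # no relocation data: the loader cannot move the image
# IMAGE_SECTION_HEADER.Characteristics bits
SCN_EXECUTE = 0x20000000
SCN_READ = 0x40000000
SCN_WRITE = 0x80000000


def parse_pe(data: bytes) -> dict:
    """Read PE headers and summarise mitigation flags and section layout."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    coff = e_lfanew + 4
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _m, nsections, _ts, _ps, _ns, opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]           # 0x10B = PE32, 0x20B = PE32+
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]  # AddressOfEntryPoint
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]  # same offset in PE32 and PE32+
    sections = []
    for i in range(nsections):
        off = opt + opt_size + 40 * i
        name, vsize, va, *_rest, chars = struct.unpack_from("<8sIIIIIIHHI", data, off)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), va, vsize, chars))
    entry_section = next((n for n, va, vs, _c in sections if va <= entry_rva < va + vs), None)
    return {
        "pe32plus": magic == 0x20B,
        "dynamic_base": bool(dll_chars & DYNAMIC_BASE),
        "high_entropy_va": bool(dll_chars & HIGH_ENTROPY_VA),
        "relocs_stripped": bool(file_chars & RELOCS_STRIPPED),
        # DYNAMIC_BASE alone is not enough: without relocations the image stays at its ImageBase
        "aslr_effective": bool(dll_chars & DYNAMIC_BASE) and not (file_chars & RELOCS_STRIPPED),
        "dep": bool(dll_chars & NX_COMPAT),
        "entry_section": entry_section,
        "wx_sections": [n for n, _va, _vs, c in sections if c & SCN_WRITE and c & SCN_EXECUTE],
        "sections": [n for n, *_ in sections],
    }


def build_pe(dll_chars, file_chars, sections, entry_rva=0x1000, pe32plus=True) -> bytes:
    """Construct a header-only PE image (not loadable; enough for header analysis)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 240 if pe32plus else 224
    machine = 0x8664 if pe32plus else 0x14C
    coff = struct.pack("<HHIIIHH", machine, len(sections), 0, 0, 0, opt_size, file_chars)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)
    struct.pack_into("<I", opt, 16, entry_rva)
    struct.pack_into("<H", opt, 70, dll_chars)
    sec = b"".join(struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), vsize, va, 0, 0, 0, 0, 0, 0, chars)
                   for name, va, vsize, chars in sections)
    return dos + b"PE\0\0" + coff + bytes(opt) + sec


def sample_hardened() -> bytes:
    """Constructed 64-bit image with ASLR, high-entropy VA and DEP; entry point in .text."""
    return build_pe(DYNAMIC_BASE | HIGH_ENTROPY_VA | NX_COMPAT, 0,
                    [(b".text", 0x1000, 0x5000, SCN_READ | SCN_EXECUTE),
                     (b".data", 0x6000, 0x1000, SCN_READ | SCN_WRITE),
                     (b".reloc", 0x7000, 0x200, SCN_READ)], entry_rva=0x1000)


def sample_backdoored() -> bytes:
    """Constructed image without ASLR whose entry point lands in an appended RWX section."""
    return build_pe(NX_COMPAT, RELOCS_STRIPPED,
                    [(b".text", 0x1000, 0x5000, SCN_READ | SCN_EXECUTE),
                     (b".data", 0x6000, 0x1000, SCN_READ | SCN_WRITE),
                     (b".newsec", 0x7000, 0x1000, SCN_READ | SCN_WRITE | SCN_EXECUTE)],
                    entry_rva=0x7010)


if __name__ == "__main__":
    for label, image in (("hardened", sample_hardened()), ("backdoored", sample_backdoored())):
        print(label, parse_pe(image))
```

On a real binary, `parse_pe(open(path, "rb").read())` gives the same dictionary; an entry point outside `.text`, a section that is both writable and executable, or DYNAMIC_BASE set on an image with stripped relocations are the findings worth a second look.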