Getting a Shell

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
or

Already have an account? Sign In »

Time
21 hours 43 minutes
Difficulty
Intermediate
CEU/CPE
22
Video Transcription
00:00
getting a shell
00:02
are learning objective is to understand how to create shell code to ultimately get a shell on the box or buffer overflow box.
00:11
So at this point shutdown immunity. D bugger if you want to you can go back and use it again and attach the program. But if you want to live life dangerously,
00:21
just leave the program up here. You know, start to stack buffer overflow good
00:27
and just let it run
00:29
so I'll go back to my Cali box.
00:37
And what I'll do now is I want to create my shell code.
00:43
So I'm using MSF venom again and I'm using my payload Windows Shell, reverse TCP, you can change this, you can make it uh Shell, you can do interpreter, reverse TCP.
00:55
I like shel reverse TCP because I can use Net Cat. I don't have to set up,
01:00
You know, I don't have to set up medicine played again. So you'll see that my local host is my Cali box by port is 4444.
01:07
Exit function threat is to prevent the program from crashing If I get out of my neck. Cat shell,
01:14
Our format is in Python and we're using an encoding of X 86 Shikata Ghana.
01:19
No, I I should help them saying that right. Shikata ga nai.
01:23
And here's our here are bad characters. So we went through all that whole process of finding bad characters. Right? Don't forget this step because if you forget this or if you don't include the bad characters in here, your shell is not going to work and you're gonna be wondering why? I would say a lot of the problems. I ran into a lot of the reasons why my shells did not work was because I didn't find all the bad characters. So that's why I keep
01:44
saying is important to find the bad characters
01:48
and I'm going to call it shell when I put it into my python script.
01:55
So you see here here's the final size of the Python file. This is 1008 and seven bites. Why is it? That becomes important when
02:02
you only have a certain buffer size and if you make your shell code too big,
02:09
it won't execute, it won't work. But I know in my trying this out that this size is fine and it does work but just
02:19
be cognizant depending on what the program is, the more bites you have, um you know, the more you're writing to the program and the more chance you have of it crashing and not working. So I like to keep my shell code as small as possible
02:32
so I'll take this,
02:35
I'm going to add it to our
02:38
script Now.
02:40
You can see if I've already done this before, but here's my comment. I like to know what I did because I can't remember what port
02:47
I need to have for Net Cat.
02:51
Mhm.
02:53
He did it.
02:55
So of course
02:59
What I'm changing here is I have a nop sled or not slide, which is this X 90.
03:05
I have it at 10. Some people use three, some people use eight, I'm going to use 10 and then I'm adding my shell code to it.
03:13
If you read through the guide,
03:15
the author does not like not sleds. He actually hates them.
03:20
Um but I'm going off of what I learned from the P. W. K. Material again. Try both ways, try the way the author wrote and try this way and see which one you like. His code is beautiful. Like I said, mine is probably a lot more messy, but this is the way I learned it. So this is the way that I write it
03:38
and hopefully it works.
03:42
So I will save this
03:44
and I will set up my Net cat listener.
03:50
And what I'll do now
03:55
is I'm going to launch our shell script and hope that I see
04:00
a nice Windows command prompt pop up in the right window
04:05
and there we go.
04:06
We can see we have the connection received from our Windows box and we can see we're on the desktop.
04:15
So now here is where you can ultimately find your proof file or local file and uh you've successfully done the buffer overflow a lot of work. Um, but ultimately, you know, when I see that command prompt pop up,
04:31
that's one of the best things I can see after all that work.
04:34
So again, if you're not seeing this,
04:38
go back through the bad characters and see if there are more
04:43
um, and just go through the steps before. I I've done it before, where I start from square one,
04:50
and I would say most of the time, the reason I don't get a shell is because of bad characters, so keep that in mind.
05:00
So in some way, we should not understand how to create shell code to ultimately get a shell.
Up Next
Offensive Penetration Testing

The Offensive Penetration Testing course opens the doors to those wanting to begin a penetration testing career. This course will prepare learners to begin their pentesting career journey by understanding what tools, techniques, and resources are available for someone starting out in offensive penetration testing.

Instructed By