Probably you’re here because you’re interested in obtaining the OSCP certification. Smart decision, good for you! Or maybe you are interested in an info-sec certification but are still looking for the right one? Even if you are just looking for a way to boost your technical skills, you may be interested in becoming an Offensive Security Certified Professional.
I recently went through the course (Penetration testing with Kali Linux) and certification exam, so here is some of my experience and a few thoughts, you might find them useful.
It is no secret that obtaining this certification takes a great amount of time and ambition, and I completely agree with this.
Rumour also has it that you already need Godlike skills in everything there is to know, or else you won’t understand the materials. I can honestly say that the rumours aren’t true. A strong background in info-sec helps, but the course materials are very well explained and there are plenty of resources for learning your way through the course; all you need is the determination to try harder and read more, until you fill whatever knowledge gaps appear.
If you missed the first two parts of this article: Part I covers what a shellcode is, how it works and what its limitations are, and Part II covers the PEB (Process Environment Block) structure, the PE (.exe, .dll) file format and a short ASM introduction. You’ll need this information in order to properly understand Windows shellcodes.
In this last part of the shellcode development introduction we will write a simple “SwapMouseButton” shellcode, one that swaps the left and right mouse buttons. We will start from an existing shellcode, “Allwin URLDownloadToFile + WinExec + ExitProcess Shellcode“. The name tells us a few things, such as that it uses:
- the URLDownloadToFile Windows API function to download a file
- WinExec to execute the downloaded file (an executable, .exe)
- ExitProcess to terminate the process running the shellcode
If you missed the first part of this series, where you can read about what a shellcode is and how it works, you can find it here: Part I. In this part I will cover the information required to properly write a shellcode for the Windows platform: the Process Environment Block, the format of Portable Executable files and a short introduction to x86 Assembly. This article will not cover every aspect of these concepts, but it should be enough to properly understand shellcodes.
Process Environment Block
Within the Windows operating system, the PEB is a structure that every process can reach at a well-known location: on 32-bit Windows a pointer to it is stored in the Thread Environment Block and is read with fs:[0x30]. It contains useful information about the process such as the address where the executable is loaded into memory, the list of loaded modules (DLLs) together with their base addresses, a flag (BeingDebugged) specifying whether the process is being debugged, and many others.
It is important to understand that the structure is intended for use by the operating system itself. Its layout is not guaranteed to be identical across Windows versions and may change with each new release, but the fields shellcode commonly relies on, such as the loader data and the module list, have been kept.
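Once the shellcode has taken a module base address (kernel32.dll, say) from the PEB’s module list, it still has to find the addresses of the functions it wants, and it does that by walking the module’s PE export directory. The following C program is an added example written for this article, not code from the original series or from the shellcode it rebuilds. It implements the export walk (DOS header, e_lfanew, NT headers, DataDirectory[0], then AddressOfNames / AddressOfNameOrdinals / AddressOfFunctions) against a constructed in-memory stand-in for a 32-bit DLL, laid out so that RVA equals buffer offset as it would be in a mapped image; the function RVAs and the three exported names are arbitrary markers, not real kernel32 values, and the structure offsets are those from the PE/COFF specification.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Field offsets from the PE/COFF specification (32-bit images). */
#define DOS_E_LFANEW         0x3C  /* IMAGE_DOS_HEADER.e_lfanew */
#define NT_EXPORT_DIR_RVA    0x78  /* Signature(4) + FileHeader(20) + DataDirectory[0] at OptionalHeader32+96 */
#define EXP_NUMBER_OF_FUNCS  0x14  /* IMAGE_EXPORT_DIRECTORY.NumberOfFunctions */
#define EXP_NUMBER_OF_NAMES  0x18  /* IMAGE_EXPORT_DIRECTORY.NumberOfNames */
#define EXP_ADDR_FUNCTIONS   0x1C  /* IMAGE_EXPORT_DIRECTORY.AddressOfFunctions */
#define EXP_ADDR_NAMES       0x20  /* IMAGE_EXPORT_DIRECTORY.AddressOfNames */
#define EXP_ADDR_ORDINALS    0x24  /* IMAGE_EXPORT_DIRECTORY.AddressOfNameOrdinals */

static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static void wr32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }

/* Walk the export directory of a mapped PE image the way shellcode does.
 * `base` is the module load address (e.g. kernel32's, taken from the PEB);
 * returns the RVA of the named export, or 0 if the module does not export it. */
uint32_t resolve_export(const uint8_t *base, const char *name) {
    if (base[0] != 'M' || base[1] != 'Z') return 0;            /* not a PE image */
    const uint8_t *nt = base + rd32(base + DOS_E_LFANEW);
    if (memcmp(nt, "PE\0\0", 4) != 0) return 0;
    uint32_t exp_rva = rd32(nt + NT_EXPORT_DIR_RVA);
    if (exp_rva == 0) return 0;                                 /* module exports nothing */
    const uint8_t *exp   = base + exp_rva;
    const uint8_t *funcs = base + rd32(exp + EXP_ADDR_FUNCTIONS);
    const uint8_t *names = base + rd32(exp + EXP_ADDR_NAMES);
    const uint8_t *ords  = base + rd32(exp + EXP_ADDR_ORDINALS);
    uint32_t n_names = rd32(exp + EXP_NUMBER_OF_NAMES);
    for (uint32_t i = 0; i < n_names; i++) {
        const char *s = (const char *)(base + rd32(names + 4 * i));
        if (strcmp(s, name) == 0) {
            uint16_t ordinal = rd16(ords + 2 * i);              /* index into AddressOfFunctions */
            return rd32(funcs + 4 * ordinal);
        }
    }
    return 0;
}

#define IMG_SIZE 0x400
static uint8_t g_image[IMG_SIZE];

/* Constructed stand-in for a loaded DLL (not a real kernel32 image). RVA == offset
 * into the buffer, which is what shellcode sees once the loader has mapped a
 * module. Function RVAs are arbitrary markers chosen for this example. */
const uint8_t *build_fake_module(void) {
    uint8_t *b = g_image;
    memset(b, 0, IMG_SIZE);
    b[0] = 'M'; b[1] = 'Z';
    wr32(b + DOS_E_LFANEW, 0x80);                  /* NT headers at RVA 0x80 */
    memcpy(b + 0x80, "PE\0\0", 4);
    wr16(b + 0x80 + 0x04, 0x014c);                 /* FileHeader.Machine = i386 */
    wr16(b + 0x80 + 0x18, 0x010b);                 /* OptionalHeader.Magic = PE32 */
    wr32(b + 0x80 + NT_EXPORT_DIR_RVA, 0x200);     /* export directory at RVA 0x200 */

    uint8_t *exp = b + 0x200;
    wr32(exp + EXP_NUMBER_OF_FUNCS, 3);
    wr32(exp + EXP_NUMBER_OF_NAMES, 3);
    wr32(exp + EXP_ADDR_FUNCTIONS, 0x240);
    wr32(exp + EXP_ADDR_NAMES, 0x260);
    wr32(exp + EXP_ADDR_ORDINALS, 0x280);

    /* AddressOfFunctions, indexed by ordinal */
    wr32(b + 0x240 + 0, 0x1000);                   /* ordinal 0: ExitProcess  */
    wr32(b + 0x240 + 4, 0x2000);                   /* ordinal 1: WinExec      */
    wr32(b + 0x240 + 8, 0x3000);                   /* ordinal 2: LoadLibraryA */

    /* AddressOfNames is sorted alphabetically in real images; AddressOfNameOrdinals
     * maps each name back to its slot in AddressOfFunctions. */
    const char *export_names[3] = { "ExitProcess", "LoadLibraryA", "WinExec" };
    uint16_t export_ordinals[3] = { 0, 2, 1 };
    uint32_t str_rva = 0x300;
    for (int i = 0; i < 3; i++) {
        wr32(b + 0x260 + 4 * i, str_rva);
        wr16(b + 0x280 + 2 * i, export_ordinals[i]);
        strcpy((char *)(b + str_rva), export_names[i]);
        str_rva += (uint32_t)strlen(export_names[i]) + 1;
    }
    return b;
}

int main(void) {
    const uint8_t *k32 = build_fake_module();
    const char *wanted[] = { "WinExec", "ExitProcess", "SwapMouseButton" };
    for (int i = 0; i < 3; i++)
        printf("%-16s -> RVA 0x%x\n", wanted[i], resolve_export(k32, wanted[i]));
    return 0;
}
```

The lookup for SwapMouseButton returns 0 on purpose: WinExec and ExitProcess are exported by kernel32.dll, but SwapMouseButton lives in user32.dll, so a shellcode that wants it must first resolve LoadLibraryA from kernel32, load user32.dll, and repeat the same export walk on that module’s base. Real shellcode usually compares a hash of each name instead of calling strcmp, to avoid embedding the strings, but the traversal of the three export tables is the same.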
This article contains an overview of shellcode development techniques and their specific aspects. Understanding these concepts allows you to write your own shellcode; furthermore, you can modify existing exploits that contain ready-made shellcode to perform the custom functionality you need.
Let’s say you have a working exploit for Internet Explorer or Flash Player that opens calc.exe. That isn’t really useful, is it? What you really want is to execute remote commands or some other useful functionality.
In this situation you may want to use standard existing shellcode, such as the ones from the Shell-Storm database or those generated by Metasploit’s msfvenom tool. However, you must first understand the basic principles of shellcoding so you can use them effectively in your exploits.
For those who are not familiar with this term, as Wikipedia says:
“In computer security, a shellcode is a small piece of code used as the payload in the exploitation of a software vulnerability. It is called “shellcode” because it typically starts a command shell from which the attacker can control the compromised machine, but any piece of code that performs a similar task can be called shellcode… Shellcode is commonly written in machine code.”
On 19 and 20 November we will be present at the DefCamp 2015 information security conference. Adrian Furtuna, Technical Manager at KPMG Romania, and Ionut Ambrosie, Security Consultant at KPMG Romania, will deliver a hands-on workshop on web security.
At DefCamp 2015 you will learn how easily your online data can be stolen, how your privacy is violated and which techniques are used to break the security of critical systems.
The Internet is perhaps the greatest invention of the twentieth century, and since 2000 it has made possible the rise in popularity of smart devices such as smartphones and of social networks like Facebook, Twitter or LinkedIn. Besides all the benefits it brings, such as instant communication, faster access to services and access to information, privacy and data security are two issues that should concern more and more users.