1 00:00:00,530 --> 00:00:01,190 Hello everyone.
2 00:00:01,190 --> 00:00:07,550 This is Stephan and in our last lecture we embarked on a thrilling journey where we took our theoretical
3 00:00:07,550 --> 00:00:11,120 knowledge and transformed it into hands-on practice.
4 00:00:11,120 --> 00:00:14,600 Now let's delve into what we accomplished, learned, and practiced.
5 00:00:14,600 --> 00:00:21,170 So in our previous lecture, we focused on generating an assembly program, which we will use in
6 00:00:21,170 --> 00:00:22,610 this lecture as a shellcode.
7 00:00:22,610 --> 00:00:29,750 And our goal was to witness the culmination of our efforts by creating an executable program that embodies
8 00:00:29,750 --> 00:00:31,670 the technique we have been mastering.
9 00:00:31,670 --> 00:00:33,590 So now, um.
10 00:00:34,730 --> 00:00:40,520 We will generate our C code and I will explain that line by line.
11 00:00:40,670 --> 00:00:42,470 So that's a no.
12 00:00:42,470 --> 00:00:42,980 Yeah.
13 00:00:42,980 --> 00:00:48,230 main.c here, or shellcode.c here.
14 00:00:48,230 --> 00:00:52,760 Or let's actually make it exploit.c.cx.
15 00:00:52,850 --> 00:00:55,190 Let's rename it to .c here.
16 00:00:55,190 --> 00:01:07,280 And now we will firstly include the stdio here, input output, and include the string here.
17 00:01:07,790 --> 00:01:11,450 And these are the headers we want to use in our C program.
18 00:01:11,450 --> 00:01:13,520 And we will create an integer main.
19 00:01:14,290 --> 00:01:24,610 So in this main we will firstly create our unsigned character code here.
20 00:01:25,090 --> 00:01:27,340 So this is going to be our shellcode.
21 00:01:28,110 --> 00:01:29,310 Which we will.
22 00:01:30,600 --> 00:01:32,760 Turn the stack exploit into shellcode.
23 00:01:32,760 --> 00:01:34,890 Now with our.
24 00:01:36,480 --> 00:01:39,600 Uh, famous, uh, objdump here.
25 00:01:39,600 --> 00:01:44,490 Uh, so let's actually, instead of writing it, uh, it should be somewhere.
26 00:01:44,490 --> 00:01:51,480 And, uh, as I always do, I will, uh, share it with you.
27 00:01:51,750 --> 00:01:52,500 Uh, here.
28 00:01:52,500 --> 00:01:53,220 So.
29 00:01:54,120 --> 00:01:55,800 This is here.
30 00:01:55,800 --> 00:01:58,710 So objdump -M intel.
31 00:01:58,830 --> 00:01:59,460 Hello.
32 00:01:59,460 --> 00:01:59,670 Here.
33 00:01:59,670 --> 00:02:06,270 So in this hello we will change this into our stack exploit.
34 00:02:06,270 --> 00:02:07,200 Exploit here.
35 00:02:07,200 --> 00:02:07,830 And that's it.
36 00:02:07,830 --> 00:02:09,660 So this is our shellcode.
37 00:02:10,620 --> 00:02:13,860 Now we will copy this and let's actually turn this.
38 00:02:13,860 --> 00:02:17,820 So our stack, when we run this, we are seeing an
39 00:02:19,010 --> 00:02:24,560 output where we are printing "malware injected with stack method"; we actually use this stack method.
40 00:02:24,560 --> 00:02:28,820 As you can see here, we moved, pushed, moved, pushed, and so on.
41 00:02:28,820 --> 00:02:32,390 So I explained this in a previous lecture here.
42 00:02:32,390 --> 00:02:35,300 And now let's turn to exploit.c.
43 00:02:35,300 --> 00:02:39,620 So we will copy this shellcode into here and end this here.
44 00:02:39,620 --> 00:02:40,460 And that's it.
45 00:02:40,460 --> 00:02:42,980 Now we will printf the shellcode.
46 00:02:42,980 --> 00:02:47,840 So printf "shellcode length" here, length.
47 00:02:49,020 --> 00:02:50,850 And this is going to be.
48 00:02:50,850 --> 00:02:54,270 And here add integer.
49 00:02:54,690 --> 00:02:55,890 Integer.
50 00:02:56,520 --> 00:02:58,350 After that, strlen.
51 00:02:59,380 --> 00:03:01,480 Uh, the code here.
52 00:03:01,480 --> 00:03:02,410 Yes.
53 00:03:02,500 --> 00:03:05,050 Actually, let's change this to shellcode.
54 00:03:05,080 --> 00:03:05,650 Yeah.
55 00:03:06,220 --> 00:03:08,590 Shellcode here.
56 00:03:08,590 --> 00:03:09,970 Shellcode.
57 00:03:09,970 --> 00:03:10,960 And that's it.
58 00:03:10,990 --> 00:03:19,810 Now, what we're going to do is, let's first create this function here with ret, as we always
59 00:03:19,810 --> 00:03:27,580 do for these shellcode executables, and, uh, integer here.
60 00:03:28,960 --> 00:03:29,530 Yeah.
61 00:03:29,530 --> 00:03:30,190 Integer.
62 00:03:30,190 --> 00:03:31,180 And after that?
63 00:03:33,440 --> 00:03:34,130 Yeah.
64 00:03:36,020 --> 00:03:41,750 I will use another pair of braces again, empty, and we will use our shellcode here.
65 00:03:42,020 --> 00:03:45,020 And now we will call this function ret.
66 00:03:46,380 --> 00:03:47,250 And that's it.
67 00:03:49,020 --> 00:03:56,580 So this code starts with the necessary include directives for standard input/output and string manipulation.
68 00:03:56,580 --> 00:04:04,620 Here and here we define an array named shellcode to hold our shellcode. The shellcode, which represents
69 00:04:04,650 --> 00:04:11,190 a sequence of machine instructions, should be inserted within the double quotes here.
70 00:04:12,050 --> 00:04:18,500 And also we have this main, which is the main function of our program.
71 00:04:18,500 --> 00:04:21,920 It acts as the starting point of execution.
72 00:04:21,920 --> 00:04:23,720 And here we have printf.
73 00:04:23,720 --> 00:04:28,430 So this line prints the length of our shellcode array using the printf function.
74 00:04:28,430 --> 00:04:34,250 And the strlen function calculates the length of this shellcode array.
75 00:04:34,250 --> 00:04:36,470 And we also have the ret here.
76 00:04:36,470 --> 00:04:39,770 So this line defines a function pointer named ret.
77 00:04:39,830 --> 00:04:47,570 So the pointer is initialized to point to the memory address of this shellcode array, effectively creating
78 00:04:47,570 --> 00:04:51,830 a callable function from the shellcode, and ret here.
79 00:04:51,830 --> 00:04:58,130 This line calls the function pointed to by the ret pointer, and in a sense it executes the shellcode.
80 00:04:58,130 --> 00:05:03,620 So with our C program ready, we move on to the compilation and execution phase.
81 00:05:03,620 --> 00:05:08,150 Now we will do that with a terminal here.
82 00:05:08,150 --> 00:05:11,300 So we will gcc... actually, did we create this?
83 00:05:11,300 --> 00:05:12,800 Yeah.
84 00:05:12,800 --> 00:05:13,700 exploit.c.
85 00:05:13,700 --> 00:05:19,340 So gcc -fno-stack-protector.
86 00:05:20,670 --> 00:05:25,530 -z execstack here, and exploit.c.
87 00:05:25,650 --> 00:05:26,880 That's it here.
88 00:05:26,880 --> 00:05:29,070 So this command compiles a C program.
89 00:05:29,070 --> 00:05:37,410 This, uh, -fno-stack-protector and the -z execstack are used to disable the stack protection and allow execution
90 00:05:37,410 --> 00:05:38,250 from the stack.
91 00:05:38,250 --> 00:05:42,570 And now we will run this here, and that's it.
92 00:05:42,570 --> 00:05:43,470 So.
93 00:05:45,250 --> 00:05:48,460 Running this command executes our compiled program.
94 00:05:48,460 --> 00:05:53,680 As a result, the shellcode is executed and we observe its behavior.
95 00:05:53,680 --> 00:06:01,240 So with the successful execution of our C program, we achieved a significant milestone.
96 00:06:01,240 --> 00:06:07,810 So we have applied our stack technique to generate, inject and execute shellcode.
97 00:06:07,810 --> 00:06:15,250 So this practical experience reinforced our theoretical understanding and sets the stage for even more
98 00:06:15,250 --> 00:06:16,810 advanced explorations.
99 00:06:16,810 --> 00:06:20,620 And congratulations everyone on a job well done.
100 00:06:20,620 --> 00:06:26,890 So in our next lecture, we will continue to expand our horizons as we delve deeper into the intricacies
101 00:06:26,890 --> 00:06:29,500 of shellcode and exploit development.
102 00:06:29,500 --> 00:06:32,230 My name is Stephan and I'm waiting for you in the next lecture.