Command Execution Code
In some cases, it may not be possible or desirable to establish new network connections
and carry out shell operations over what is essentially an unencrypted telnet session. In
such cases, all that may be required of our payload is the execution of a single command
that might be used to establish a more legitimate means of connecting to the target computer.
Examples of such commands would be copying an ssh public key to the target
computer in order to enable future access via an ssh connection, invoking a system command
to add a new user account to the target computer, or modifying a configuration
file to permit future access via a backdoor shell. Payload code that is designed to execute
a single command must typically perform the following steps:
1. Assemble the name of the command that is to be executed.
2. Assemble any command-line arguments for the command to be executed.
3. Invoke the execve system call in order to execute the desired command.
Because there is no networking setup necessary, command execution code can often be
quite small.
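The three steps above, worked through in C as an added example (this is not code from the book; the helper names assemble_frame and run_frame, the fixed buffer sizes, and the sample command line are assumptions made here). Real payload code would perform the same work with a handful of stack pushes and a single syscall instruction; the C version keeps the same layout, namely the NUL-terminated strings packed back to back, followed by a NULL-terminated argv pointer array and an empty envp, so the data structure execve expects is visible. Because execve never returns on success, the example forks before executing so the caller survives to read the child's exit status; a real payload calls execve directly and is done.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

#define FRAME_DATA 256
#define FRAME_ARGS 8

/* One flat buffer holding everything execve needs, laid out the way a
 * position-independent payload would lay it out on the stack: the strings
 * first, each NUL-terminated, then a NULL-terminated pointer array.
 * (Struct and sizes are assumptions for this example.) */
struct exec_frame {
    char   data[FRAME_DATA];      /* e.g. "/bin/sh\0-c\0<command>\0" */
    char  *argv[FRAME_ARGS + 1];  /* argv[0..argc-1] point into data, argv[argc] == NULL */
    size_t argc;
};

/* Steps 1 and 2: copy the command path and its arguments into the frame and
 * build the pointer array. Returns argc on success, -1 if the frame is too small. */
int assemble_frame(struct exec_frame *f, const char *path,
                   const char *const *args, size_t nargs)
{
    size_t off = 0;
    memset(f, 0, sizeof *f);
    if (nargs + 1 > FRAME_ARGS)
        return -1;
    /* argv[0] is, by convention, the command name itself */
    for (size_t i = 0; i <= nargs; i++) {
        const char *s = (i == 0) ? path : args[i - 1];
        size_t len = strlen(s) + 1;          /* include the terminator */
        if (off + len > FRAME_DATA)
            return -1;
        /* Shellcode usually cannot carry embedded NUL bytes in its own image,
         * so it writes each terminator at run time; copying len bytes here
         * (terminator included) produces the same in-memory result. */
        memcpy(f->data + off, s, len);
        f->argv[i] = f->data + off;
        off += len;
    }
    f->argv[nargs + 1] = NULL;               /* execve requires the NULL sentinel */
    f->argc = nargs + 1;
    return (int)f->argc;
}

/* Step 3: invoke execve. A real payload would call execve directly and never
 * return; here we fork first so that the caller survives and can observe the
 * child's exit status. Returns the child's exit status, 127 if exec itself
 * failed (the shell's "command not found" convention), or -1 on fork/wait error. */
int run_frame(const struct exec_frame *f)
{
    char *const envp[] = { NULL };           /* empty environment, as minimal shellcode passes */
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execve(f->argv[0], f->argv, envp);
        _exit(127);                          /* only reached if execve failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    struct exec_frame f;
    /* Constructed sample command: one shell command line. A real payload would
     * substitute something like 'echo <pubkey> >> ~/.ssh/authorized_keys'. */
    const char *args[] = { "-c", "id; echo command execution payload ran" };
    if (assemble_frame(&f, "/bin/sh", args, 2) < 0)
        return 1;
    printf("argc=%zu, strings occupy %td bytes\n", f.argc,
           (f.argv[2] + strlen(f.argv[2]) + 1) - f.data);
    return run_frame(&f);
}
```

Two details the step list glosses over are worth checking in any real payload: argv must end with a NULL pointer and, on most targets, envp must be either NULL or a NULL-terminated array, so the payload has to push at least one NULL for each; and the strings must be terminated with a byte the payload writes itself, since a literal 0x00 in the shellcode image is normally fatal to delivery.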
Chapter 9: Shellcode Strategies
PART III
File Transfer Code
It may be the case that a target computer does not have all of the capabilities that we
would wish to utilize once we have successfully penetrated it.