Malware Development Primer 1- Shellcode Execution

Disclaimer

The posts in Malware Development Primer series are intended for educational and red/blue teaming purposes only. The author does not condone infecting systems without the consent of the system owner. The author should not be held responsible for any misuse of this content. Act responsibly!

Introduction

The word “malware” always sets off alarms, and rightly so for all the havoc it can cause. The art in malware development lies in creative evasion. Developing undetectable malware is an essential skill for red teamers as open source offensive tools are easily caught by the most naïve antivirus software. Red teams need to keep up with maturing defenders and blue teams, vice versa. In this series, I intend to document my learnings on developing malware and bypassing latest defenses.

In this post, I will introduce malware development in C/C++ by creating a PE .exe file that executes shellcode to pop a reverse shell.

May 15, 2023

Interface – HackTheBox Writeup

Thoviti Siddharth Uncategorized API, Arithmetic Expression Injection, code review, Curl, CVE-2022-28368, Directory Fuzzing, DomPDF, exiftool, ffuf, HackTheBox, HTB, Infosec, Linux Box, Parameter Fuzzing, pspy, Writeup 0

Machine Name: Interface
IP: 10.10.11.200
Difficulty: Medium

Summary

Interface is a medium machine that requires some “curling” skills to form request and demystify their respective response codes. The machine has a lot of fuzzing for API endpoints and parameters which lead to an exploit for DomPDF. The vulnerability deals with how DomPDF caches the font file and allows remote files to be read. The privilege escalation teaches a new technique that abuses Arithmetic Expression Injection in bash scripts.