OWASP Code Sprint 2017


Pratik Patel

Jul 5, 2017, 3:04:03 PM
to OWASP ZSC, rnikhil...@gmail.com, Ali Razmjoo, Pratik Patel
Hi all,

Creating this post to track OWASP Code Sprint tasks.

Regards,
Pratik

Ali Razmjoo

Jul 9, 2017, 4:57:08 AM
to Pratik Patel, OWASP ZSC, Nikhil R
Hello Nikhil,

Two tasks are the priority:

1) Encoding for macOS shellcodes

2) Start working on Windows shellcode, beginning with trying to get command execution.


Please start with the first one. macOS shellcodes already exist, and you can look up the samples for the Linux x86 encoders here: https://github.com/zscproject/OWASP-ZSC/tree/master/lib/encoder/linux_x86


More information:
in this file, line 14 will be replaced with the "ebx" values generated in line 35; these values must be encoded.
The other values that need to be encoded are on lines 24, 25 and 27, 28.

Let me know if you need any help or more information.

Pratik Patel

Jul 11, 2017, 3:05:57 PM
to Ali Razmjoo, OWASP ZSC, Nikhil R
Hi,

Sorry guys, lately I got busy with my job. Nikhil, can you give us an update on the tasks you are working on? Please let us know if you need any help.

Regards,
Pratik

Ali Razmjoo

Jul 13, 2017, 10:32:37 AM
to Pratik Patel, Nikhil R, OWASP ZSC
Hello Nikhil, please report details about the above tasks. Thanks.

Nikhil R

Jul 13, 2017, 7:31:54 PM
to OWASP ZSC
Hi Mr. Pratik and Mr. Ali,

I first apologise for the slow start.

As I mentioned before, I started working on encoding for macOS shellcodes. I started with doing "add_random". However, I wasn't able to understand the shellcode properly, so I started reading the Shellcoder's Handbook to make sense of it, which is why it's taking so long. I don't understand why the particular values have to be encoded and not others. At present I am reading that book and trying to draw parallels between the Linux version of the shellcode and the OS X one, using which I am trying to write the encode module for OS X x86.

Nikhil R

Jul 14, 2017, 11:22:58 AM
to OWASP ZSC
Hi,

Update: so, I understand what's happening in the shellcode now and why certain values have to be encoded. Basically, the values where you pass syscall numbers to eax (%al).

I finished writing the add_random encoder for the 'exec' job. You can check it here [1]. I reused a lot of code from the Linux encoders. I think I understand what's happening on the inside much better than I did 10 hours ago, and going at the same rate I hope to catch up on the remaining tasks as fast as possible.

I am currently working on adding the rest of the jobs to the add_random encoder and then moving on to the others.
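A worked illustration of the add_random idea the message above describes, added here as an example; it is not OWASP ZSC's own encoder code and does not reproduce its file layout or API. The assumptions are: the stub is in AT&T syntax, the syscall number is loaded with `movb $imm, %al`, and NUL is the only byte the carrier cannot contain. Each such immediate is replaced by a random 8-bit key added to it (mod 256), followed by a `subb` of the key, so the bytes differ on every generation while %al holds the original syscall number when the `int $0x80` executes. A tiny interpreter checks the encoded stub against the original without assembling it, and a bad-byte check confirms the chosen key and encoded value stay out of the forbidden set.

```python
import random
import re

# Bytes the encoded stub must never contain. NUL is the classic string-copy
# terminator; widen the set for a specific carrier. (Assumption for this example.)
BAD_BYTES = frozenset({0x00})

# The only instruction forms this example rewrites or simulates (AT&T syntax is
# an assumption of this example, not a statement about the project's files).
MOV_AL = re.compile(r'^\s*movb\s+\$(0x[0-9a-fA-F]+|\d+)\s*,\s*%al\s*$')
SUB_AL = re.compile(r'^\s*subb\s+\$(0x[0-9a-fA-F]+|\d+)\s*,\s*%al\s*$')
XOR_EAX = re.compile(r'^\s*xorl\s+%eax\s*,\s*%eax\s*$')
IMM = re.compile(r'\$(0x[0-9a-fA-F]+|\d+)')

# Constructed sample, not ZSC's shellcode: the shape of a 32-bit syscall stub that
# loads the syscall number into %al (0x3b = 59 is execve on BSD-derived systems
# such as XNU). Argument setup is left out; only the %al load matters here.
SAMPLE_STUB = """\
    xorl %eax, %eax
    movb $0x3b, %al
    int $0x80
"""


def encode_immediate(value, bad=BAD_BYTES, rng=None):
    """Return (encoded, key) with value == (encoded - key) mod 256.

    key is random, so the emitted bytes change on every generation, but both
    key and encoded are kept out of `bad` so the stub stays usable.
    """
    rng = rng or random.Random()
    value &= 0xff
    candidates = [k for k in range(1, 256)
                  if k not in bad and ((value + k) & 0xff) not in bad]
    if not candidates:
        raise ValueError(f"no usable key for immediate {value:#04x}")
    key = rng.choice(candidates)
    return (value + key) & 0xff, key


def decode_immediate(encoded, key):
    """The arithmetic the emitted `subb` performs at run time on the 8-bit register."""
    return (encoded - key) & 0xff


def add_random_encode(asm, bad=BAD_BYTES, seed=None):
    """Rewrite every `movb $imm, %al` into a movb of the encoded value followed by
    a subb of the key; every other line passes through unchanged."""
    rng = random.Random(seed)
    out = []
    for line in asm.splitlines():
        m = MOV_AL.match(line)
        if not m:
            out.append(line)
            continue
        encoded, key = encode_immediate(int(m.group(1), 0), bad, rng)
        out.append(f"    movb ${encoded:#04x}, %al")
        out.append(f"    subb ${key:#04x}, %al")
    return "\n".join(out) + "\n"


def immediates(asm):
    """All `$imm` operands in the text, as ints, for a bad-byte check of the stub."""
    return [int(tok, 0) for tok in IMM.findall(asm)]


def simulate_al(asm):
    """Minimal interpreter for the three forms above; returns the final %al so the
    encoded stub can be checked against the original without assembling it."""
    al = 0
    for line in asm.splitlines():
        if XOR_EAX.match(line):
            al = 0
        elif (m := MOV_AL.match(line)):
            al = int(m.group(1), 0) & 0xff
        elif (m := SUB_AL.match(line)):
            al = (al - int(m.group(1), 0)) & 0xff
    return al


if __name__ == "__main__":
    encoded = add_random_encode(SAMPLE_STUB, seed=7)
    print(encoded)
    assert simulate_al(encoded) == simulate_al(SAMPLE_STUB) == 0x3b
    assert not (set(immediates(encoded)) & BAD_BYTES)
```

Running the file prints one encoded stub; change the seed (or drop it) to see the immediates move while `simulate_al` keeps returning 0x3b. The same pattern applies to the other register loads the thread mentions (the "ebx" values), with the decode instruction sized to the register; the 8-bit masking is what makes the `movb`/`subb` pair on %al consistent with wraparound.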

Ali Razmjoo

Jul 14, 2017, 11:24:50 AM
to Nikhil R, OWASP ZSC
Hi Nikhil, let me check it. please continue your tasks, keep it up.


Ali Razmjoo

Jul 18, 2017, 2:28:23 AM
to Nikhil R, OWASP ZSC
For the record, code sprint commits are available here

Ali Razmjoo

Jul 19, 2017, 2:38:06 AM
to Nikhil R, OWASP ZSC

Nikhil R

Aug 6, 2017, 2:55:18 PM
to Ali Razmjoo, OWASP ZSC
Hi,

You had asked me for the mid-term report. I have sent the pull request, and here is a small outline of the ongoing work.

Here are the tasks finished up to midterm.

1) ROT13 obfuscation for JavaScript, Python, PHP, Ruby and Perl
2) macOS x86 shellcode encoding -> add/dec random/your value, inc/sub random/your value, xor random/your value
3) WinExec shellcode in Intel assembly and a partial opcoder

To be done from mid-term to the end:

1) Once the WinExec assembly is successfully ported, port the remaining shellcode, which is written in Intel assembly, to AT&T
2) Add encoders for the same shellcode
3) Based on the time left, work on the control flow flattening technique, implementing Chenxi Wang's algorithm.

Regards,
Nikhil.R

Ali Razmjoo

Aug 7, 2017, 1:35:57 AM
to Nikhil R, OWASP ZSC
Thanks Nikhil, I'm checking it out.