├── 1-introduction ├── buffer.c ├── heap.c ├── instruction-pointer.c ├── stack-overflow.c └── stack.c ├── 10-real-world-scenarios-part2 ├── control-eip.py ├── final-exploit.py └── fuzzing.py ├── 11-real-world-scenarios-part3 ├── control-seh.py ├── final-exploit.py └── fuzzing.py ├── 3-assembly-language-in-linux ├── arithmetic-operations │ ├── add-sub-with-carry.nasm │ └── add-sub.nasm ├── bit-shifting-operations │ ├── shift-arithmetic-left.nasm │ └── shift-arithmetic-right.nasm ├── control-the-flow │ ├── jmp-hello.nasm │ ├── jmp-un.nasm │ ├── jump-if-below-or-equal.nasm │ ├── jump-if-below.nasm │ ├── jump-if-below2.nasm │ └── jump-if-not-sign.nasm ├── data-manipulation │ ├── load-effective-address.nasm │ ├── move-direct.nasm │ ├── move-memory-registers.nasm │ ├── move-registers-memory.nasm │ ├── move-registers.nasm │ └── xchg.nasm ├── hello-world-exit.nasm ├── hello-world.nasm ├── inc-dec.nasm ├── logical-operations │ ├── and.nasm │ ├── not.nasm │ ├── or.nasm │ └── xor.nasm ├── logical-shift │ ├── logical-shift-left.nasm │ └── logical-shift-right.nasm ├── loops │ ├── loop-final.nasm │ └── loop.nasm ├── procedure.nasm ├── rotate-operation │ ├── rotate-left.nasm │ └── rotate-right.nasm └── stack.nasm ├── 4-reverse-engineering └── buffer.c ├── 5-creating-shellcode ├── bind-tcp-shellcode.c ├── bind-tcp.c ├── bind-tcp.nasm ├── execve-shellcode.c ├── execve.nasm ├── jmp-call-shellcode.c ├── jmp-call.nasm ├── relative-address-shellcode.c ├── relative-address.nasm ├── reverse-tcp-shellcode.c ├── reverse-tcp.c ├── reverse-tcp.nasm ├── stack-shellcode.c └── stack.nasm ├── 6-buffer-overflow-attacks ├── buffer.c ├── buffer2.c ├── buffer3.c ├── exec.c ├── exploit-buffer2.py ├── exploit-buffer3.py ├── exploit-buufer.py ├── exploit-exec.py └── shell.c ├── 7-exploit-development-part1 ├── buffer.c └── exploit.py ├── 8-exploit-development-part2 ├── exploit-rop.py ├── exploit-vulnserver.py └── rop.c ├── 9-real-world-scenarios-part1 ├── control-eip.py ├── example-another-parameter.py ├── final-exploit.py └── fuzzing.py └── README.md /1-introduction/buffer.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hamza-Megahed/pentest-with-shellcode/HEAD/1-introduction/buffer.c -------------------------------------------------------------------------------- /1-introduction/heap.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hamza-Megahed/pentest-with-shellcode/HEAD/1-introduction/heap.c -------------------------------------------------------------------------------- /1-introduction/instruction-pointer.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hamza-Megahed/pentest-with-shellcode/HEAD/1-introduction/instruction-pointer.c -------------------------------------------------------------------------------- /1-introduction/stack-overflow.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hamza-Megahed/pentest-with-shellcode/HEAD/1-introduction/stack-overflow.c -------------------------------------------------------------------------------- /1-introduction/stack.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hamza-Megahed/pentest-with-shellcode/HEAD/1-introduction/stack.c -------------------------------------------------------------------------------- /10-real-world-scenarios-part2/control-eip.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hamza-Megahed/pentest-with-shellcode/HEAD/10-real-world-scenarios-part2/control-eip.py -------------------------------------------------------------------------------- /10-real-world-scenarios-part2/final-exploit.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hamza-Megahed/pentest-with-shellcode/HEAD/10-real-world-scenarios-part2/final-exploit.py -------------------------------------------------------------------------------- /10-real-world-scenarios-part2/fuzzing.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hamza-Megahed/pentest-with-shellcode/HEAD/10-real-world-scenarios-part2/fuzzing.py -------------------------------------------------------------------------------- /11-real-world-scenarios-part3/control-seh.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hamza-Megahed/pentest-with-shellcode/HEAD/11-real-world-scenarios-part3/control-seh.py -------------------------------------------------------------------------------- /11-real-world-scenarios-part3/final-exploit.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hamza-Megahed/pentest-with-shellcode/HEAD/11-real-world-scenarios-part3/final-exploit.py -------------------------------------------------------------------------------- /11-real-world-scenarios-part3/fuzzing.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hamza-Megahed/pentest-with-shellcode/HEAD/11-real-world-scenarios-part3/fuzzing.py -------------------------------------------------------------------------------- /3-assembly-language-in-linux/arithmetic-operations/add-sub-with-carry.nasm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hamza-Megahed/pentest-with-shellcode/HEAD/3-assembly-language-in-linux/arithmetic-operations/add-sub-with-carry.nasm -------------------------------------------------------------------------------- /3-assembly-language-in-linux/arithmetic-operations/add-sub.nasm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hamza-Megahed/pentest-with-shellcode/HEAD/3-assembly-language-in-linux/arithmetic-operations/add-sub.nasm -------------------------------------------------------------------------------- /3-assembly-language-in-linux/bit-shifting-operations/shift-arithmetic-left.nasm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hamza-Megahed/pentest-with-shellcode/HEAD/3-assembly-language-in-linux/bit-shifting-operations/shift-arithmetic-left.nasm -------------------------------------------------------------------------------- /3-assembly-language-in-linux/bit-shifting-operations/shift-arithmetic-right.nasm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hamza-Megahed/pentest-with-shellcode/HEAD/3-assembly-language-in-linux/bit-shifting-operations/shift-arithmetic-right.nasm -------------------------------------------------------------------------------- /3-assembly-language-in-linux/control-the-flow/jmp-hello.nasm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hamza-Megahed/pentest-with-shellcode/HEAD/3-assembly-language-in-linux/control-the-flow/jmp-hello.nasm -------------------------------------------------------------------------------- /3-assembly-language-in-linux/control-the-flow/jmp-un.nasm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hamza-Megahed/pentest-with-shellcode/HEAD/3-assembly-language-in-linux/control-the-flow/jmp-un.nasm -------------------------------------------------------------------------------- /3-assembly-language-in-linux/control-the-flow/jump-if-below-or-equal.nasm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hamza-Megahed/pentest-with-shellcode/HEAD/3-assembly-language-in-linux/control-the-flow/jump-if-below-or-equal.nasm -------------------------------------------------------------------------------- /3-assembly-language-in-linux/control-the-flow/jump-if-below.nasm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hamza-Megahed/pentest-with-shellcode/HEAD/3-assembly-language-in-linux/control-the-flow/jump-if-below.nasm -------------------------------------------------------------------------------- /3-assembly-language-in-linux/control-the-flow/jump-if-below2.nasm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hamza-Megahed/pentest-with-shellcode/HEAD/3-assembly-language-in-linux/control-the-flow/jump-if-below2.nasm -------------------------------------------------------------------------------- /3-assembly-language-in-linux/control-the-flow/jump-if-not-sign.nasm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hamza-Megahed/pentest-with-shellcode/HEAD/3-assembly-language-in-linux/control-the-flow/jump-if-not-sign.nasm -------------------------------------------------------------------------------- /3-assembly-language-in-linux/data-manipulation/load-effective-address.nasm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hamza-Megahed/pentest-with-shellcode/HEAD/3-assembly-language-in-linux/data-manipulation/load-effective-address.nasm -------------------------------------------------------------------------------- /3-assembly-language-in-linux/data-manipulation/move-direct.nasm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hamza-Megahed/pentest-with-shellcode/HEAD/3-assembly-language-in-linux/data-manipulation/move-direct.nasm -------------------------------------------------------------------------------- /3-assembly-language-in-linux/data-manipulation/move-memory-registers.nasm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hamza-Megahed/pentest-with-shellcode/HEAD/3-assembly-language-in-linux/data-manipulation/move-memory-registers.nasm -------------------------------------------------------------------------------- /3-assembly-language-in-linux/data-manipulation/move-registers-memory.nasm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hamza-Megahed/pentest-with-shellcode/HEAD/3-assembly-language-in-linux/data-manipulation/move-registers-memory.nasm -------------------------------------------------------------------------------- /3-assembly-language-in-linux/data-manipulation/move-registers.nasm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hamza-Megahed/pentest-with-shellcode/HEAD/3-assembly-language-in-linux/data-manipulation/move-registers.nasm -------------------------------------------------------------------------------- /3-assembly-language-in-linux/data-manipulation/xchg.nasm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hamza-Megahed/pentest-with-shellcode/HEAD/3-assembly-language-in-linux/data-manipulation/xchg.nasm -------------------------------------------------------------------------------- /3-assembly-language-in-linux/hello-world-exit.nasm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hamza-Megahed/pentest-with-shellcode/HEAD/3-assembly-language-in-linux/hello-world-exit.nasm -------------------------------------------------------------------------------- /3-assembly-language-in-linux/hello-world.nasm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hamza-Megahed/pentest-with-shellcode/HEAD/3-assembly-language-in-linux/hello-world.nasm -------------------------------------------------------------------------------- /3-assembly-language-in-linux/inc-dec.nasm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hamza-Megahed/pentest-with-shellcode/HEAD/3-assembly-language-in-linux/inc-dec.nasm -------------------------------------------------------------------------------- /3-assembly-language-in-linux/logical-operations/and.nasm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hamza-Megahed/pentest-with-shellcode/HEAD/3-assembly-language-in-linux/logical-operations/and.nasm -------------------------------------------------------------------------------- /3-assembly-language-in-linux/logical-operations/not.nasm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hamza-Megahed/pentest-with-shellcode/HEAD/3-assembly-language-in-linux/logical-operations/not.nasm -------------------------------------------------------------------------------- /3-assembly-language-in-linux/logical-operations/or.nasm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hamza-Megahed/pentest-with-shellcode/HEAD/3-assembly-language-in-linux/logical-operations/or.nasm -------------------------------------------------------------------------------- /3-assembly-language-in-linux/logical-operations/xor.nasm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hamza-Megahed/pentest-with-shellcode/HEAD/3-assembly-language-in-linux/logical-operations/xor.nasm -------------------------------------------------------------------------------- /3-assembly-language-in-linux/logical-shift/logical-shift-left.nasm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hamza-Megahed/pentest-with-shellcode/HEAD/3-assembly-language-in-linux/logical-shift/logical-shift-left.nasm -------------------------------------------------------------------------------- /3-assembly-language-in-linux/logical-shift/logical-shift-right.nasm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hamza-Megahed/pentest-with-shellcode/HEAD/3-assembly-language-in-linux/logical-shift/logical-shift-right.nasm -------------------------------------------------------------------------------- /3-assembly-language-in-linux/loops/loop-final.nasm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hamza-Megahed/pentest-with-shellcode/HEAD/3-assembly-language-in-linux/loops/loop-final.nasm -------------------------------------------------------------------------------- /3-assembly-language-in-linux/loops/loop.nasm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hamza-Megahed/pentest-with-shellcode/HEAD/3-assembly-language-in-linux/loops/loop.nasm -------------------------------------------------------------------------------- /3-assembly-language-in-linux/procedure.nasm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hamza-Megahed/pentest-with-shellcode/HEAD/3-assembly-language-in-linux/procedure.nasm -------------------------------------------------------------------------------- /3-assembly-language-in-linux/rotate-operation/rotate-left.nasm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hamza-Megahed/pentest-with-shellcode/HEAD/3-assembly-language-in-linux/rotate-operation/rotate-left.nasm -------------------------------------------------------------------------------- /3-assembly-language-in-linux/rotate-operation/rotate-right.nasm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hamza-Megahed/pentest-with-shellcode/HEAD/3-assembly-language-in-linux/rotate-operation/rotate-right.nasm -------------------------------------------------------------------------------- /3-assembly-language-in-linux/stack.nasm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hamza-Megahed/pentest-with-shellcode/HEAD/3-assembly-language-in-linux/stack.nasm -------------------------------------------------------------------------------- /4-reverse-engineering/buffer.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hamza-Megahed/pentest-with-shellcode/HEAD/4-reverse-engineering/buffer.c -------------------------------------------------------------------------------- /5-creating-shellcode/bind-tcp-shellcode.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hamza-Megahed/pentest-with-shellcode/HEAD/5-creating-shellcode/bind-tcp-shellcode.c -------------------------------------------------------------------------------- /5-creating-shellcode/bind-tcp.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hamza-Megahed/pentest-with-shellcode/HEAD/5-creating-shellcode/bind-tcp.c -------------------------------------------------------------------------------- /5-creating-shellcode/bind-tcp.nasm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hamza-Megahed/pentest-with-shellcode/HEAD/5-creating-shellcode/bind-tcp.nasm -------------------------------------------------------------------------------- /5-creating-shellcode/execve-shellcode.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hamza-Megahed/pentest-with-shellcode/HEAD/5-creating-shellcode/execve-shellcode.c -------------------------------------------------------------------------------- /5-creating-shellcode/execve.nasm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hamza-Megahed/pentest-with-shellcode/HEAD/5-creating-shellcode/execve.nasm -------------------------------------------------------------------------------- /5-creating-shellcode/jmp-call-shellcode.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hamza-Megahed/pentest-with-shellcode/HEAD/5-creating-shellcode/jmp-call-shellcode.c -------------------------------------------------------------------------------- /5-creating-shellcode/jmp-call.nasm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hamza-Megahed/pentest-with-shellcode/HEAD/5-creating-shellcode/jmp-call.nasm -------------------------------------------------------------------------------- /5-creating-shellcode/relative-address-shellcode.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hamza-Megahed/pentest-with-shellcode/HEAD/5-creating-shellcode/relative-address-shellcode.c -------------------------------------------------------------------------------- /5-creating-shellcode/relative-address.nasm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hamza-Megahed/pentest-with-shellcode/HEAD/5-creating-shellcode/relative-address.nasm -------------------------------------------------------------------------------- /5-creating-shellcode/reverse-tcp-shellcode.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hamza-Megahed/pentest-with-shellcode/HEAD/5-creating-shellcode/reverse-tcp-shellcode.c -------------------------------------------------------------------------------- /5-creating-shellcode/reverse-tcp.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hamza-Megahed/pentest-with-shellcode/HEAD/5-creating-shellcode/reverse-tcp.c -------------------------------------------------------------------------------- /5-creating-shellcode/reverse-tcp.nasm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hamza-Megahed/pentest-with-shellcode/HEAD/5-creating-shellcode/reverse-tcp.nasm -------------------------------------------------------------------------------- /5-creating-shellcode/stack-shellcode.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hamza-Megahed/pentest-with-shellcode/HEAD/5-creating-shellcode/stack-shellcode.c -------------------------------------------------------------------------------- /5-creating-shellcode/stack.nasm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hamza-Megahed/pentest-with-shellcode/HEAD/5-creating-shellcode/stack.nasm -------------------------------------------------------------------------------- /6-buffer-overflow-attacks/buffer.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hamza-Megahed/pentest-with-shellcode/HEAD/6-buffer-overflow-attacks/buffer.c -------------------------------------------------------------------------------- /6-buffer-overflow-attacks/buffer2.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hamza-Megahed/pentest-with-shellcode/HEAD/6-buffer-overflow-attacks/buffer2.c -------------------------------------------------------------------------------- /6-buffer-overflow-attacks/buffer3.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hamza-Megahed/pentest-with-shellcode/HEAD/6-buffer-overflow-attacks/buffer3.c -------------------------------------------------------------------------------- /6-buffer-overflow-attacks/exec.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hamza-Megahed/pentest-with-shellcode/HEAD/6-buffer-overflow-attacks/exec.c -------------------------------------------------------------------------------- /6-buffer-overflow-attacks/exploit-buffer2.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hamza-Megahed/pentest-with-shellcode/HEAD/6-buffer-overflow-attacks/exploit-buffer2.py -------------------------------------------------------------------------------- /6-buffer-overflow-attacks/exploit-buffer3.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hamza-Megahed/pentest-with-shellcode/HEAD/6-buffer-overflow-attacks/exploit-buffer3.py -------------------------------------------------------------------------------- /6-buffer-overflow-attacks/exploit-buufer.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hamza-Megahed/pentest-with-shellcode/HEAD/6-buffer-overflow-attacks/exploit-buufer.py -------------------------------------------------------------------------------- /6-buffer-overflow-attacks/exploit-exec.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hamza-Megahed/pentest-with-shellcode/HEAD/6-buffer-overflow-attacks/exploit-exec.py -------------------------------------------------------------------------------- /6-buffer-overflow-attacks/shell.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hamza-Megahed/pentest-with-shellcode/HEAD/6-buffer-overflow-attacks/shell.c -------------------------------------------------------------------------------- /7-exploit-development-part1/buffer.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hamza-Megahed/pentest-with-shellcode/HEAD/7-exploit-development-part1/buffer.c -------------------------------------------------------------------------------- /7-exploit-development-part1/exploit.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hamza-Megahed/pentest-with-shellcode/HEAD/7-exploit-development-part1/exploit.py -------------------------------------------------------------------------------- /8-exploit-development-part2/exploit-rop.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hamza-Megahed/pentest-with-shellcode/HEAD/8-exploit-development-part2/exploit-rop.py -------------------------------------------------------------------------------- /8-exploit-development-part2/exploit-vulnserver.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hamza-Megahed/pentest-with-shellcode/HEAD/8-exploit-development-part2/exploit-vulnserver.py -------------------------------------------------------------------------------- /8-exploit-development-part2/rop.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hamza-Megahed/pentest-with-shellcode/HEAD/8-exploit-development-part2/rop.c -------------------------------------------------------------------------------- /9-real-world-scenarios-part1/control-eip.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hamza-Megahed/pentest-with-shellcode/HEAD/9-real-world-scenarios-part1/control-eip.py -------------------------------------------------------------------------------- /9-real-world-scenarios-part1/example-another-parameter.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hamza-Megahed/pentest-with-shellcode/HEAD/9-real-world-scenarios-part1/example-another-parameter.py -------------------------------------------------------------------------------- /9-real-world-scenarios-part1/final-exploit.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hamza-Megahed/pentest-with-shellcode/HEAD/9-real-world-scenarios-part1/final-exploit.py -------------------------------------------------------------------------------- /9-real-world-scenarios-part1/fuzzing.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hamza-Megahed/pentest-with-shellcode/HEAD/9-real-world-scenarios-part1/fuzzing.py -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Hamza-Megahed/pentest-with-shellcode/HEAD/README.md --------------------------------------------------------------------------------