{"id":527,"date":"2023-02-01T15:58:11","date_gmt":"2023-02-01T14:58:11","guid":{"rendered":"https:\/\/mindshield.eu\/?p=527"},"modified":"2023-03-23T15:03:49","modified_gmt":"2023-03-23T14:03:49","slug":"narnia1","status":"publish","type":"post","link":"https:\/\/mindshield.eu\/index.php\/2023\/02\/01\/narnia1\/","title":{"rendered":"\ud83e\udd81\u00a0Narnia 1"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"527\" class=\"elementor elementor-527\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-4100140 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"4100140\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-1cf8aff\" data-id=\"1cf8aff\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-7e350ff elementor-widget elementor-widget-heading\" data-id=\"7e350ff\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h1 class=\"elementor-heading-title elementor-size-default\"><span role=\"img\" aria-label=\"\ud83e\udd81\" style=\",EmojiSymbols;line-height:1em;font-size:1em\"><img decoding=\"async\" role=\"img\" class=\"emoji\" alt=\"\ud83e\udd81\" src=\"https:\/\/s.w.org\/images\/core\/emoji\/14.0.0\/svg\/1f981.svg\">&nbsp;Narnia<\/span><\/h1>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-f446d66 
elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"f446d66\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-5cbed38\" data-id=\"5cbed38\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-3310df6 elementor-widget elementor-widget-text-editor\" data-id=\"3310df6\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>If you are not yet familiar with the Narnia challenges, I recommend starting with the first article, on Narnia0: <a href=\"http:\/\/mindshield.eu\/index.php\/2023\/02\/01\/narnia_0\/\">https:\/\/mindshield.eu\/index.php\/2023\/02\/01\/narnia_0\/<\/a><\/p><p>\u00a0<\/p><p>As a reminder, the goal of this guide is not to hand you the answer, but to lead you to it through understanding. 
Accordingly, <b>it does not contain any flag<\/b>.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-b6a027f elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"b6a027f\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-2866f8c\" data-id=\"2866f8c\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-d7397c0 elementor-toc--minimized-on-tablet elementor-widget elementor-widget-table-of-contents\" data-id=\"d7397c0\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;exclude_headings_by_selector&quot;:[],&quot;headings_by_tags&quot;:[&quot;h2&quot;,&quot;h3&quot;,&quot;h4&quot;,&quot;h5&quot;,&quot;h6&quot;],&quot;marker_view&quot;:&quot;numbers&quot;,&quot;no_headings_message&quot;:&quot;No headings were found on this page.&quot;,&quot;minimize_box&quot;:&quot;yes&quot;,&quot;minimized_on&quot;:&quot;tablet&quot;,&quot;hierarchical_view&quot;:&quot;yes&quot;,&quot;min_height&quot;:{&quot;unit&quot;:&quot;px&quot;,&quot;size&quot;:&quot;&quot;,&quot;sizes&quot;:[]},&quot;min_height_tablet&quot;:{&quot;unit&quot;:&quot;px&quot;,&quot;size&quot;:&quot;&quot;,&quot;sizes&quot;:[]},&quot;min_height_mobile&quot;:{&quot;unit&quot;:&quot;px&quot;,&quot;size&quot;:&quot;&quot;,&quot;sizes&quot;:[]}}\" data-widget_type=\"table-of-contents.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-toc__header\">\n\t\t\t\t\t\t<h4 
class=\"elementor-toc__header-title\">\n\t\t\t\tTable of Contents\t\t\t<\/h4>\n\t\t\t\t\t\t\t\t\t\t<div class=\"elementor-toc__toggle-button elementor-toc__toggle-button--expand\" role=\"button\" tabindex=\"0\" aria-controls=\"elementor-toc__d7397c0\" aria-expanded=\"true\" aria-label=\"Open table of contents\"><i aria-hidden=\"true\" class=\"fas fa-chevron-down\"><\/i><\/div>\n\t\t\t\t<div class=\"elementor-toc__toggle-button elementor-toc__toggle-button--collapse\" role=\"button\" tabindex=\"0\" aria-controls=\"elementor-toc__d7397c0\" aria-expanded=\"true\" aria-label=\"Close table of contents\"><i aria-hidden=\"true\" class=\"fas fa-chevron-up\"><\/i><\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<div id=\"elementor-toc__d7397c0\" class=\"elementor-toc__body\">\n\t\t\t<div class=\"elementor-toc__spinner-container\">\n\t\t\t\t<i class=\"elementor-toc__spinner eicon-animation-spin eicon-loading\" aria-hidden=\"true\"><\/i>\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-787b5a9 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"787b5a9\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-69daa7c\" data-id=\"69daa7c\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-2dbd8a9 elementor-widget elementor-widget-heading\" data-id=\"2dbd8a9\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 
class=\"elementor-heading-title elementor-size-default\">Narnia1<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-7ef0cf2 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"7ef0cf2\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-ca64d73\" data-id=\"ca64d73\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-3688407 elementor-widget elementor-widget-text-editor\" data-id=\"3688407\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>If my explanations were clear and precise enough and you persevered, you should now have the password for the <code>narnia1<\/code> account.<\/p><p><span style=\"font-size: 18px;color: var( --e-global-color-text );font-family: var( --e-global-typography-text-font-family ), Sans-serif;font-weight: var( --e-global-typography-text-font-weight )\">We can therefore open a new SSH session as this user.<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-d0cde60 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"d0cde60\" data-element_type=\"section\" 
data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-b14d2ca\" data-id=\"b14d2ca\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-36612aa elementor-widget elementor-widget-heading\" data-id=\"36612aa\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Discovery<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-9665dda elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"9665dda\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-6777e1d\" data-id=\"6777e1d\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-bf19289 elementor-widget elementor-widget-text-editor\" data-id=\"bf19289\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>As with <span class=\"notion-enable-hover\" style=\"font-family: 'SFMono-Regular', Menlo, Consolas, 'PT Mono', 'Liberation Mono', Courier, monospace;line-height: normal;color: 
#eb5757;border-radius: 3px;font-size: 85%;padding: 0.2em 0.4em\" data-token-index=\"1\" data-reactroot=\"\">narnia0<\/span>, we have access to the source code of the <span class=\"notion-enable-hover\" style=\"font-family: 'SFMono-Regular', Menlo, Consolas, 'PT Mono', 'Liberation Mono', Courier, monospace;line-height: normal;color: #eb5757;border-radius: 3px;font-size: 85%;padding: 0.2em 0.4em\" data-token-index=\"3\" data-reactroot=\"\">narnia1<\/span> executable:<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-2881f7f elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"2881f7f\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-af42447\" data-id=\"af42447\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-819442c elementor-widget elementor-widget-code-highlight\" data-id=\"819442c\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"code-highlight.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"prismjs-okaidia copy-to-clipboard \">\n\t\t\t<pre data-line=\"\" class=\"highlight-height language-c line-numbers\">\n\t\t\t\t<code readonly=\"true\" class=\"language-c\">\n\t\t\t\t\t<xmp>#include <stdio.h>\r\n#include <stdlib.h>\r\n\r\nint main(){\r\nint (*ret)();\r\n\r\nif(getenv(\"EGG\")==NULL){\r\n    printf(\"Give me something to execute at the env-variable EGG\\n\");\r\n    exit(1);\r\n}\r\n\r\nprintf(\"Trying to execute EGG!\\n\");\r\nret = 
getenv(\"EGG\");\r\nret();\r\n\r\nreturn 0;\r\n}<\/xmp>\n\t\t\t\t<\/code>\n\t\t\t<\/pre>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-42fc524 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"42fc524\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-77f1e51\" data-id=\"77f1e51\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-e4a29f6 elementor-widget elementor-widget-text-editor\" data-id=\"e4a29f6\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span style=\"font-size: 18px;color: var( --e-global-color-text );font-family: var( --e-global-typography-text-font-family ), Sans-serif;font-weight: var( --e-global-typography-text-font-weight )\">Put simply, this program reads the value of the \u201cEGG\u201d environment variable and tries to execute it. This value is empty by default. 
We can give it a value by typing the command:<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-51676d0 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"51676d0\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-3615110\" data-id=\"3615110\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-7d0486d elementor-widget elementor-widget-code-highlight\" data-id=\"7d0486d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"code-highlight.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"prismjs-default copy-to-clipboard \">\n\t\t\t<pre data-line=\"\" class=\"highlight-height language-bash line-numbers\">\n\t\t\t\t<code readonly=\"true\" class=\"language-bash\">\n\t\t\t\t\t<xmp>export EGG=test<\/xmp>\n\t\t\t\t<\/code>\n\t\t\t<\/pre>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-8d24056 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"8d24056\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-181411f\" data-id=\"181411f\" 
data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-338d362 elementor-widget elementor-widget-text-editor\" data-id=\"338d362\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>However, this produces a <span style=\", Courier, monospace;line-height:normal;color:#EB5757;border-radius:3px;font-size:85%;padding:0.2em 0.4em\" data-token-index=\"1\" class=\"notion-enable-hover\" data-reactroot=\"\">Segmentation Fault<\/span>:<br><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-9e9f13e elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"9e9f13e\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-e0725c9\" data-id=\"e0725c9\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-7e7b5ac elementor-widget elementor-widget-image\" data-id=\"7e7b5ac\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"448\" height=\"91\" src=\"https:\/\/mindshield.eu\/wp-content\/uploads\/2022\/10\/Untitled-1-1.png\" class=\"attachment-large size-large wp-image-497\" alt=\"\" 
srcset=\"https:\/\/mindshield.eu\/wp-content\/uploads\/2022\/10\/Untitled-1-1.png 448w, https:\/\/mindshield.eu\/wp-content\/uploads\/2022\/10\/Untitled-1-1-300x61.png 300w\" sizes=\"(max-width: 448px) 100vw, 448px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-6589969 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"6589969\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-558a506\" data-id=\"558a506\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-4528d08 elementor-widget elementor-widget-text-editor\" data-id=\"4528d08\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>This means the processor does not understand an instruction and therefore cannot execute it. 
It expects the value of EGG to be executable\u2026<\/p><p>After several attempts, I did some research on how I could pass a<b> value the computer can understand<\/b>.<\/p><p>And that is when I discovered <b>shellcodes<\/b>.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-0c0bc4a elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"0c0bc4a\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-4b442d7\" data-id=\"4b442d7\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-4d6e333 elementor-widget elementor-widget-heading\" data-id=\"4d6e333\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">What is a shellcode?<\/h4>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-f2eae92 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"f2eae92\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 
elementor-top-column elementor-element elementor-element-65cef5b\" data-id=\"65cef5b\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-45cb0ca elementor-widget elementor-widget-text-editor\" data-id=\"45cb0ca\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>A shellcode is a sequence of characters that the machine can interpret.<\/p><p>\u00a0<\/p><p>It looks like this:<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-b645052 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"b645052\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-ef74a03\" data-id=\"ef74a03\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-764f7d5 elementor-widget elementor-widget-code-highlight\" data-id=\"764f7d5\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"code-highlight.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"prismjs-okaidia copy-to-clipboard \">\n\t\t\t<pre data-line=\"\" class=\"highlight-height language-bash line-numbers\">\n\t\t\t\t<code readonly=\"true\" 
class=\"language-bash\">\n\t\t\t\t\t<xmp>\\xb8\\x04\\x00\\x00\\x00\\xbb\\x01\\x00\\x00\\x00\\xb9\\x00\\x00\\x00\\x00\\xba\\x0f\\x00\\x00\\x00\\xcd\\x80\\xb8\\x01\\x00\\x00\\x00\\xbb\\x00\\x00\\x00\\x00\\xcd\\x80<\/xmp>\n\t\t\t\t<\/code>\n\t\t\t<\/pre>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-9158d40 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"9158d40\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-6e600bb\" data-id=\"6e600bb\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-9af0284 elementor-widget elementor-widget-text-editor\" data-id=\"9af0284\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>This shellcode, for example, prints <code>Hello World<\/code>.<\/p><blockquote><p>But how do you build a shellcode?! 
you might ask.<\/p><\/blockquote><p>It is not as complicated as it looks.<\/p><p><span style=\"color: #333333; font-size: 2.2em; font-weight: 600; font-family: var( --e-global-typography-text-font-family ), Sans-serif;\">Reasoning<\/span><\/p><p>The first step in \u201cbuilding\u201d a shellcode is to write the program in assembly.<\/p><p>For example, suppose we want to print \u201cHello World\u201d:<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-d2ca5b1 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"d2ca5b1\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-7913926\" data-id=\"7913926\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-3549cee elementor-widget elementor-widget-code-highlight\" data-id=\"3549cee\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"code-highlight.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"prismjs-okaidia copy-to-clipboard \">\n\t\t\t<pre data-line=\"\" class=\"highlight-height language-c line-numbers\">\n\t\t\t\t<code readonly=\"true\" class=\"language-c\">\n\t\t\t\t\t<xmp>section .text\r\n\r\nglobal _start\r\n\r\n\r\n_start:\r\n\r\n        jmp short ender ; jump to ender\r\n\r\n        starter:\r\n\r\n        xor rax, 
rax    ; clear the registers to be sure they are empty\r\n        xor rbx, rbx\r\n        xor rdx, rdx\r\n        xor rcx, rcx\r\n\r\n        mov al, 4       ; select the write function (write syscall)\r\n        mov bl, 1       ; we want to write to standard output (stdout = 1)\r\n        pop rcx         ; retrieve the memory address of our string from the stack\r\n        mov dl, 11      ; length of the string\r\n        int 0x80        ; system call that executes the first part of the code\r\n\r\n        xor rax, rax    ; reset rax to 0\r\n        mov al, 1       ; exit system call number\r\n        xor rbx, rbx    ; reset rbx to 0 (exit status) because it is cleaner\r\n        int 0x80        ; system call to exit\r\n\r\n        ender:\r\n        call starter    ; call starter, which pushes the address of the string onto the stack\r\n        db \"hello world\"<\/xmp>\n\t\t\t\t<\/code>\n\t\t\t<\/pre>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-b3dc17a elementor-section-boxed elementor-section-height-default 
elementor-section-height-default\" data-id=\"b3dc17a\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-234f428\" data-id=\"234f428\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-c0e1fcc elementor-widget elementor-widget-text-editor\" data-id=\"c0e1fcc\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>We assemble the code with the command:<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-acdfe7a elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"acdfe7a\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-b0d3a1b\" data-id=\"b0d3a1b\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-6677c40 elementor-widget elementor-widget-code-highlight\" data-id=\"6677c40\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"code-highlight.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"prismjs-okaidia copy-to-clipboard \">\n\t\t\t<pre data-line=\"\" class=\"highlight-height language-bash line-numbers\">\n\t\t\t\t<code 
readonly=\"true\" class=\"language-bash\">\n\t\t\t\t\t<xmp>nasm -f elf64 hello.s<\/xmp>\n\t\t\t\t<\/code>\n\t\t\t<\/pre>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-99a4017 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"99a4017\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-ca1a09f\" data-id=\"ca1a09f\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-8b2c57d elementor-widget elementor-widget-text-editor\" data-id=\"8b2c57d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>This gives us a .o file. 
We just need to turn it into a Linux executable with the command:<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-df84ae7 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"df84ae7\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-0013daa\" data-id=\"0013daa\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap\">\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-ce38143 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"ce38143\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-f77bbb2\" data-id=\"f77bbb2\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-2d7597a elementor-widget elementor-widget-code-highlight\" data-id=\"2d7597a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"code-highlight.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"prismjs-okaidia copy-to-clipboard \">\n\t\t\t<pre data-line=\"\" class=\"highlight-height language-bash line-numbers\">\n\t\t\t\t<code readonly=\"true\" class=\"language-bash\">\n\t\t\t\t\t<xmp>ld 
-s -o hello hello.o<\/xmp>\n\t\t\t\t<\/code>\n\t\t\t<\/pre>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-ab77021 elementor-widget elementor-widget-text-editor\" data-id=\"ab77021\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>This command links the object code with the OS libraries and creates an ELF file. We thus get an executable file, which does display \u201chello world\u201d when we run it.<\/p><p>\u00a0<\/p><p>By typing the command:<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-af6ea5e elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"af6ea5e\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-1d07f39\" data-id=\"1d07f39\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-ccf3b8d elementor-widget elementor-widget-code-highlight\" data-id=\"ccf3b8d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"code-highlight.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"prismjs-okaidia copy-to-clipboard \">\n\t\t\t<pre data-line=\"\" class=\"highlight-height language-bash line-numbers\">\n\t\t\t\t<code readonly=\"true\" class=\"language-bash\">\n\t\t\t\t\t<xmp>objdump -d 
hello<\/xmp>\n\t\t\t\t<\/code>\n\t\t\t<\/pre>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-0bbc33b elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"0bbc33b\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-1f8fc75\" data-id=\"1f8fc75\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-747d445 elementor-widget elementor-widget-text-editor\" data-id=\"747d445\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>We get the disassembled function, with the memory addresses of our code in hexadecimal:<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-076f91b elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"076f91b\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-944d42d\" data-id=\"944d42d\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element 
elementor-element-95ee712 elementor-widget elementor-widget-image\" data-id=\"95ee712\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img fetchpriority=\"high\" decoding=\"async\" width=\"553\" height=\"492\" src=\"https:\/\/mindshield.eu\/wp-content\/uploads\/2022\/10\/objdump.png\" class=\"attachment-large size-large wp-image-498\" alt=\"\" srcset=\"https:\/\/mindshield.eu\/wp-content\/uploads\/2022\/10\/objdump.png 553w, https:\/\/mindshield.eu\/wp-content\/uploads\/2022\/10\/objdump-300x267.png 300w\" sizes=\"(max-width: 553px) 100vw, 553px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-ab3d227 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"ab3d227\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-062c7d8\" data-id=\"062c7d8\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-77c78a4 elementor-widget elementor-widget-text-editor\" data-id=\"77c78a4\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Boxed in red, you can see our code, in hexadecimal, in a form the machine can understand. 
These are the bytes that will make up our shellcode.<\/p><p>\n<\/p><p>Here is what our shellcode looks like in this example:<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-d19c5ef elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"d19c5ef\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-086ceb5\" data-id=\"086ceb5\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-5f16d59 elementor-widget elementor-widget-code-highlight\" data-id=\"5f16d59\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"code-highlight.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"prismjs-okaidia copy-to-clipboard \">\n\t\t\t<pre data-line=\"\" class=\"highlight-height language-bash line-numbers\">\n\t\t\t\t<code readonly=\"true\" class=\"language-bash\">\n\t\t\t\t\t<xmp>\\x48\\x31\\xc0\\x48\\x31\\xdb\\x48\\x31\\xd2\\x48\\x31\\xc9\\xb0\\x04\\xb3\\x0b\\x59\\xb2\\x0b\\xcd\\x80\\x48\\x31\\xc0\\xb0\\x01\\x48\\x31\\xdb\\xcd\\x80\\xe8\\xdc\\xff\\xff\\xff\\x68\\x65\\x6c\\x6c\\x6f\\x20\\x77\\x6f\\x72\\x6c\\x64<\/xmp>\n\t\t\t\t<\/code>\n\t\t\t<\/pre>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-282d622 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" 
data-id=\"282d622\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-8f68292\" data-id=\"8f68292\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-89d0a8f elementor-widget elementor-widget-text-editor\" data-id=\"89d0a8f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<blockquote><p>\u00a0<img decoding=\"async\" class=\"\" role=\"img\" src=\"https:\/\/s.w.org\/images\/core\/emoji\/14.0.0\/svg\/26a0.svg\" alt=\"\u26a0\ufe0f\" width=\"19\" height=\"19\" \/> \u00a0<i>Warning: your shellcode <strong>MUST NOT<\/strong> contain any<strong> \\x00<\/strong>, otherwise it will not work.<\/i><\/p><p><i>Indeed, this character marks the end of a character string. 
The rest of the shellcode will therefore not be interpreted.<\/i><\/p><p><i>To solve this problem, you will need to use the <strong>right register sizes<\/strong>.<\/i><\/p><\/blockquote>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-f16587d elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"f16587d\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-9588c41\" data-id=\"9588c41\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-af270c0 elementor-widget elementor-widget-text-editor\" data-id=\"af270c0\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Once your shellcode is created, all that remains is to inject it into the \u201cEGG\u201d environment variable.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-6c1d961 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"6c1d961\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-dedf4a3\" 
data-id=\"dedf4a3\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-c0b02fb elementor-widget elementor-widget-text-editor\" data-id=\"c0b02fb\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<blockquote><p>\u26a0\ufe0f Warning: Your shellcode must be interpretable as executable content. You cannot simply assign the shellcode's value to EGG.<\/p><\/blockquote>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-9e4b218 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"9e4b218\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-20a97af\" data-id=\"20a97af\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-688107f elementor-widget elementor-widget-text-editor\" data-id=\"688107f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>For this, we will use Python!<\/p><p>\n<\/p><p>With this command, we will be able to execute the shellcode:<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section 
class=\"elementor-section elementor-top-section elementor-element elementor-element-2950fb6 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"2950fb6\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-4b0f4c1\" data-id=\"4b0f4c1\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-7077312 elementor-widget elementor-widget-code-highlight\" data-id=\"7077312\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"code-highlight.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"prismjs-okaidia copy-to-clipboard \">\n\t\t\t<pre data-line=\"\" class=\"highlight-height language-bash line-numbers\">\n\t\t\t\t<code readonly=\"true\" class=\"language-bash\">\n\t\t\t\t\t<xmp>export EGG=$(python2 -c 'print(\"\\x48\\x31\\xc0\\x48\\x31\\xdb\\x48\\x31\\xd2\\x48\\x31\\xc9\\xb0\\x04\\xb3\\x0b\\x59\\xb2\\x0b\\xcd\\x80\\x48\\x31\\xc0\\xb0\\x01\\x48\\x31\\xdb\\xcd\\x80\\xe8\\xdc\\xff\\xff\\xff\\x68\\x65\\x6c\\x6c\\x6f\\x20\\x77\\x6f\\x72\\x6c\\x64\")')<\/xmp>\n\t\t\t\t<\/code>\n\t\t\t<\/pre>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-eed5856 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"eed5856\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column 
elementor-element elementor-element-5a77533\" data-id=\"5a77533\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-1048b36 elementor-widget elementor-widget-text-editor\" data-id=\"1048b36\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><strong><em>You now understand how a shellcode works and how it is built. You therefore have everything you need to solve this challenge. All that is left is to build a working shellcode for this case.<\/em><\/strong><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-12ce444 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"12ce444\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-d1f79da\" data-id=\"d1f79da\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-07f4c0e elementor-widget elementor-widget-text-editor\" data-id=\"07f4c0e\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>If you are not comfortable with assembly, you can also use ready-made shellcodes: <a 
class=\"notion-link-token notion-enable-hover\" style=\"cursor: pointer;color: inherit;text-decoration: inherit\" href=\"http:\/\/shell-storm.org\/shellcode\/\" target=\"_blank\" rel=\"noopener noreferrer\" data-token-index=\"1\" data-reactroot=\"\"><span class=\"link-annotation-unknown-block-id-436185713\" style=\"border-bottom: 0.05em solid\">shell-storm | Shellcodes Database<\/span><\/a> or get help from Metasploit: <a class=\"notion-link-token notion-enable-hover\" style=\"cursor: pointer;color: inherit;text-decoration: inherit\" href=\"https:\/\/homputersecurity.com\/2017\/06\/01\/venom-le-generateur-de-shellcode-metasploit\/\" target=\"_blank\" rel=\"noopener noreferrer\" data-token-index=\"3\" data-reactroot=\"\"><span class=\"link-annotation-unknown-block-id-1630567763\" style=\"border-bottom: 0.05em solid\">Venom &#8211; Le g\u00e9n\u00e9rateur de shellcode Metasploit \u2013 Homputer Security<\/span><\/a><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-c85503f elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"c85503f\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-8174129\" data-id=\"8174129\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-a9b46f2 elementor-widget elementor-widget-heading\" data-id=\"a9b46f2\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title 
elementor-size-default\">Resources<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-39f898c elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"39f898c\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-5b3f719\" data-id=\"5b3f719\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-3614e6c elementor-widget elementor-widget-text-editor\" data-id=\"3614e6c\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<a href=\"https:\/\/www.vividmachines.com\/shellcode\/shellcode.html\">https:\/\/www.vividmachines.com\/shellcode\/shellcode.html<\/a> <\/br>\n\n<a href=\"https:\/\/www.cs.virginia.edu\/~evans\/cs216\/guides\/x86.html\">Guide to x86 Assembly (virginia.edu)<\/a>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>&nbsp;Narnia If you are not yet familiar with the Narnia challenges, I recommend starting with the first article on Narnia0: https:\/\/mindshield.eu\/index.php\/2023\/02\/01\/narnia_0\/ \u00a0 As a reminder, the goal of this guide is not to give you the answer, but rather to lead you to it through understanding. 
It therefore contains no flag.&hellip; <br \/> <a class=\"button small blue\" href=\"https:\/\/mindshield.eu\/index.php\/2023\/02\/01\/narnia1\/\">Read more<\/a><\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7],"tags":[8,10,9],"class_list":["post-527","post","type-post","status-publish","format-standard","hentry","category-narnia_challenges","tag-challenge","tag-exploit","tag-shellcode"],"_links":{"self":[{"href":"https:\/\/mindshield.eu\/index.php\/wp-json\/wp\/v2\/posts\/527","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mindshield.eu\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mindshield.eu\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mindshield.eu\/index.php\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/mindshield.eu\/index.php\/wp-json\/wp\/v2\/comments?post=527"}],"version-history":[{"count":16,"href":"https:\/\/mindshield.eu\/index.php\/wp-json\/wp\/v2\/posts\/527\/revisions"}],"predecessor-version":[{"id":841,"href":"https:\/\/mindshield.eu\/index.php\/wp-json\/wp\/v2\/posts\/527\/revisions\/841"}],"wp:attachment":[{"href":"https:\/\/mindshield.eu\/index.php\/wp-json\/wp\/v2\/media?parent=527"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mindshield.eu\/index.php\/wp-json\/wp\/v2\/categories?post=527"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mindshield.eu\/index.php\/wp-json\/wp\/v2\/tags?post=527"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}