WEBVTT

00:01.440 --> 00:07.440
Before we proceed further with actually writing shellcode, let us try to understand the process that

00:07.440 --> 00:08.440
we are going to follow.

00:09.600 --> 00:12.780
We will write the functionality in a high level language.

00:12.780 --> 00:20.130
Let's say, for instance, you want to write reverse TCP shellcode. Before writing the actual shell

00:20.130 --> 00:21.150
code itself,

00:21.390 --> 00:24.840
it's a good idea to write the code in the C language.

00:25.050 --> 00:32.760
And then we use strace against the compiled C program, because strace's output will tell you what system

00:32.760 --> 00:38.550
calls are used in that C program, so that we can use the same syscalls in our assembly code.

00:39.420 --> 00:45.720
Once we identify the syscalls being used to get the actual functionality that we want, we will have to know

00:45.720 --> 00:49.080
what arguments are needed for those syscalls.

00:50.310 --> 00:56.190
In addition to the arguments to the syscalls, we will also have to identify the syscall numbers that

00:56.190 --> 00:58.200
are needed to invoke the syscall.

00:59.240 --> 01:06.170
Every syscall will have a number using which we can invoke the syscall. After all of this,

01:06.380 --> 01:12.560
we will write our assembly code using the knowledge we have gained so far. In the assembly code,

01:12.740 --> 01:20.270
we are going to use the syscalls and their associated arguments, and then we will also have to remember

01:20.270 --> 01:24.860
to avoid null bytes. Null bytes usually break shellcode.

01:25.220 --> 01:32.390
For instance, if you pass shellcode with a null byte to the strcpy function, it will stop copying the

01:32.630 --> 01:36.180
code onto the stack as soon as a null byte is found.

01:36.980 --> 01:43.030
This is because strcpy thinks that it's the end of the string when a null byte is found.

01:43.610 --> 01:45.500
Now, we are avoiding null bytes

01:45.500 --> 01:50.870
at a minimum. The vulnerable program may have more bad characters, but we are not going to deal with

01:50.870 --> 01:51.880
that at the moment.

01:52.340 --> 01:59.780
Let's only worry about null bytes and let's try to avoid them while writing our code. And in the last and

01:59.780 --> 02:06.980
final step, we will extract the usable shellcode from the ELF binary that is produced from the assembly

02:06.980 --> 02:07.330
code.

02:08.060 --> 02:08.660
That's it.

02:08.720 --> 02:14.450
These are the seven steps that we will try to follow wherever we can while writing shellcode in this

02:14.450 --> 02:14.900
module.

02:15.780 --> 02:23.460
Just to reiterate, we will write the C program, we will strace it, we will get the details of what

02:23.460 --> 02:29.760
syscalls are used, and we will use the man pages of those syscalls to know the arguments.

02:29.910 --> 02:32.850
And then finally, we will write the assembly code.

02:33.900 --> 02:40.380
We will try to avoid null bytes and finally extract the shellcode from the ELF binary, so that's

02:40.380 --> 02:41.100
the process.

02:41.340 --> 02:44.200
We are going to write exit shellcode in the next video.

02:44.580 --> 02:45.240
See you there.
