The first assignment for the SLAE64 certification asks for a TCP Bind Shell shellcode that listens on a port and, on a successful connection, executes a shell only after verifying a “passcode”.

For the basic structure of a TCP Bind Shell, please refer to assignment 5 and to the related assignment for the SLAE32 certification.

To verify the passcode, a code section has been added after the dup2 loop: it performs a read syscall that places the 8 bytes read on the stack and compares them with the hardcoded passcode (acceptme).

If the comparison is successful, the execve is performed:

Figure: Bind TCP - Example with successful connection and passcode

If the submitted passcode is wrong, the program exits with status code 6:

Figure: Reverse TCP - Example with wrong passcode submitted

Customization Utility

To make the shellcode customizable, the BindShell-Skeleton.nasm file has been created with a placeholder to be filled with the chosen port (line 23).

Because the bytes have to be inserted XOR-ed with 0xFF in order to avoid null bytes, the Python utility comes in handy: it only needs to be executed with the IP and Port for the connection as parameters, and the appropriate value is calculated and presented to the user:

Figure: Bind TCP - Python utility

The following screenshot shows the shell listening on port 5859, for which the parameter was generated with the Python utility:

Figure: Bind TCP - PoC of the Python utility on port 5859
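The XOR masking described above, as an added example that is not the author's utility: it assumes only the 16-bit port, in network byte order, is masked byte by byte with 0xFF, and all function names are hypothetical. It also decodes a masked value back to the port (useful when analysing a sample) and lists the ports for which this mask would still produce a null byte.

```python
import struct

MASK = 0xFF  # every byte is XOR-ed with 0xFF, as described above


def encode_port(port: int) -> bytes:
    """Return the port in network byte order with each byte XOR-ed with 0xFF."""
    if not 0 < port <= 0xFFFF:
        raise ValueError("port must be in 1..65535")
    masked = bytes(b ^ MASK for b in struct.pack("!H", port))
    if 0 in masked:
        # A port byte equal to 0xFF becomes 0x00 after masking.
        raise ValueError(f"port {port} still yields a null byte: {masked.hex()}")
    return masked


def decode_port(masked: bytes) -> int:
    """Recover the port from two masked bytes found in a sample."""
    if len(masked) != 2:
        raise ValueError("expected exactly two bytes")
    return struct.unpack("!H", bytes(b ^ MASK for b in masked))[0]


def null_producing_ports() -> list[int]:
    """Ports that this mask cannot represent without a null byte."""
    bad = []
    for port in range(1, 0x10000):
        if MASK in struct.pack("!H", port):
            bad.append(port)
    return bad


if __name__ == "__main__":
    masked = encode_port(5859)  # port used in the screenshot above
    # Bytes as they sit in memory, and the same two bytes as a little-endian word
    print("masked bytes:", masked.hex())
    print("as little-endian word: 0x%04x" % int.from_bytes(masked, "little"))
    print("decoded:", decode_port(masked))
    print("ports needing a different mask:", len(null_producing_ports()))
```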

This blog post has been created for completing the requirements of the SecurityTube Linux Assembly Expert certification:

Student ID: PA-29059
GitHub repository:

This assignment has been written on a Kali Linux 2021.1 64-bit virtual machine:

└─$ uname -a
Linux kali 5.10.0-kali3-amd64 #1 SMP Debian 5.10.13-1kali1 (2021-02-08) x86_64 GNU/Linux