# Kali Linux Tool: nasm Training
## Section 1: Introduction
nasm (Netwide Assembler) is a powerful assembly language compiler that is widely used for low-level programming and security research, particularly in the realm of pentesting. It allows security professionals and developers to write and manipulate assembly code, which can be crucial for tasks such as reverse engineering, exploit development, and understanding binary formats.
### Installation and Configuration on Kali Linux
Before we delve into the usage and applications of nasm, let's begin by installing it on your Kali Linux system. Kali Linux typically comes with nasm pre-installed, but in case it's not available, you can install it via the package manager.
#### Step 1: Update your Package Index
Open your terminal and type the following command to ensure your package index is up-to-date:
"`bash
sudo apt update
"`
#### Step 2: Install nasm
To install nasm, use the following command:
"`bash
sudo apt install nasm
"`
#### Step 3: Verify Installation
After installation, you can verify that nasm is installed correctly by checking its version:
"`bash
nasm -v
"`
You should see output indicating the version of nasm that is installed. For example:
"`
NASM version 2.15.05 compiled on Jan 1 2021
"`
### Step-by-Step Usage and Real-World Use Cases
Now that we have nasm installed, let’s explore how to use it. We will walk through a simple example to create a "Hello, World!" assembly program and explore more complex implementations related to pentesting.
#### Example 1: Hello, World! Program
1. **Create the Source File**
First, create a new file called `hello.asm`. You can use any text editor, such as `nano` or `vim`:
nano hello.asm
Add the following assembly code to the file:
[/dm_code_snippet]asm
section .data
msg db 'Hello, World!', 0xA ; our string with a newline
section .text
global _start ; the entry point
_start:
; write our string to stdout
mov rax, 1 ; syscall: write
mov rdi, 1 ; file descriptor: stdout
mov rsi, msg ; pointer to string
mov rdx, 14 ; length of string
syscall ; invoke operating system to do the write
; exit
mov rax, 60 ; syscall: exit
xor rdi, rdi ; exit code 0
syscall ; invoke operating system to exit
[/dm_code_snippet]
2. **Assemble the Program**
Use nasm to assemble the code into an object file:
nasm -f elf64 hello.asm -o hello.o
3. **Link the Program**
Next, link the object file to create an executable using `ld`:
ld hello.o -o hello
4. **Run the Program**
Finally, run the executable:
./hello
You should see the output:
[/dm_code_snippet]
Hello, World!
[/dm_code_snippet]
#### Example 2: Shellcode Creation
One of the powerful uses of nasm in the field of cybersecurity is shellcode creation. Shellcode refers to a small piece of code used as the payload in the exploitation of a software vulnerability.
**Creating a Simple Shellcode**
In this example, we will create shellcode that spawns a simple shell.
1. **Create Shellcode File**
Create a new file called `shellcode.asm`:
nano shellcode.asm
Add the following shellcode to the file:
[/dm_code_snippet]asm
section .text
global _start
_start:
; invoke execve("/bin/sh", NULL, NULL)
xor rax, rax ; clear rax
push rax ; push NULL terminator
push 0x68732f2f ; push "//sh"
push 0x6e69622f ; push "/bin"
mov rdi, rsp ; pointer to "/bin//sh"
push rax ; NULL for argv[]
push rdi ; pointer to argv[]
mov rsi, rsp ; pointer to argv[]
mov al, 59 ; syscall: execve
syscall ; invoke operating system
[/dm_code_snippet]
2. **Assemble the Shellcode**
Assemble the shellcode:
nasm -f elf64 shellcode.asm -o shellcode.o
3. **Link the Shellcode**
Link it to create the executable:
ld shellcode.o -o shellcode
4. **Run the Shellcode**
Execute your shellcode:
./shellcode
After running this code, you should have a shell prompt indicating that you've successfully executed shellcode.
### Detailed Technical Explanations
#### Assembly Language Basics
Assembly language is a low-level programming language that is closely related to machine code. Each assembly instruction corresponds to a specific operation in the machine language of the CPU. Some key concepts include:
– **Registers**: Small storage locations within the CPU that are used for operations.
– **Instructions**: Commands that tell the CPU to perform specific operations, such as moving data or executing a function.
– **Syscalls**: Interrupts that request a service from the operating system kernel.
#### Syscalls and Linux Assembly
In Linux, syscalls allow a program to request services from the kernel. The syscall interface is the mechanism through which your assembly code interacts with the operating system. For instance:
– `mov rax, 1` indicates a syscall to write to stdout.
– `mov rax, 60` indicates a syscall to exit the program.
Each syscall has a specific number, and the parameters for the syscall are typically passed in specific registers (e.g., `rdi`, `rsi`, `rdx`).
### Real-World Use Cases in Pentesting
– **Exploit Development**: Understanding assembly language and constructing shellcode is crucial for developing exploits for vulnerable applications.
– **Reverse Engineering**: Analyzing binaries and understanding their behavior often requires knowledge of assembly language.
– **Malware Analysis**: Cybersecurity professionals need to analyze and understand malware, which often involves low-level programming constructs.
### External Reference Links
For more detailed information about nasm and assembly programming, consider the following resources:
– [NASM Official Documentation](https://www.nasm.us/doc/)
– [Linux Assembly Guide](http://www.linuxassembly.org/)
– [Introduction to Reverse Engineering](https://www.coursera.org/learn/reverse-engineering)
### Conclusion
In this section, we covered the basics of installing and configuring nasm on Kali Linux, illustrated its usage through simple examples, and explored its application in real-world pentesting scenarios. Understanding assembly language and tools like nasm is essential for anyone looking to delve deeper into the world of cybersecurity and penetration testing.
Made by pablo rotem / פבלו רותם