Questions tagged [shellcode]

A shellcode is a small piece of code used as the payload in the exploitation of a software vulnerability.

Shellcodes get that name because they typically start a command shell from which the attacker can control the compromised machine. Shellcode is commonly written in machine code, but any piece of code that performs a similar task can be called shellcode. Because the function of a payload is not limited to merely spawning a shell, some have suggested that the name shellcode is insufficient.

Shellcode can either be local or remote, depending on whether it gives an attacker control over the machine it runs on (local) or over another machine through a network (remote).

681 questions
-1
votes
1 answer

What does this C snippet mean?

I'm a noob at shellcodes and I'm trying to understand all scenarios. I have found many codes to test my shellcodes in C, but to my surprise they are very unreadable and I can't understand this code either: int (*func)(); func = (int (*)())…
Cami Rodriguez
-1
votes
1 answer

Why is this the structure of the exploit

So I tried following a tutorial: https://sploitfun.wordpress.com/2015/05/08/classic-stack-based-buffer-overflow/ I was struggling with figuring out the order of the exploit code, at least in some way. I don't get the reason for first putting NOPS and…
Jonathan
-1
votes
2 answers

(radare2, shellcode) int 0x80 jumping to invalid address

I'm executing a 32bit program (my arch is 64bit). Vulnerable code: #include #include void main(int argc, char *argv[]) { copier(argv[1]); printf("Done!\n"); } int copier(char *str) { char buffer[100]; …
Tosi Do
-1
votes
1 answer

X64 ASSEMBLY - Cannot run compiled and linked raw shellcode in Windows

After using Metasploit's windows/x64/meterpreter/reverse_tcp shellcode on my Windows 10 machine (with AVs turned off), I decided to try to create a hand-made polymorphic, null-free and custom-encoded version of the same shellcode (with the hope of…
adam
-1
votes
1 answer

Handling strings in shellcode

I'm trying to solve a CTF task from pwnable.kr (toddlers bottle, asm) in which I have to write a "shellcode", which will open, read and write contents of file (containing the flag). My code is as follows: global _start section .text _start: jmp…
Mr M.
-1
votes
2 answers

C shellcode execution issue

I recently got interested in Metasploit, and I was trying to execute some shellcode from C code. So I've generated with msfvenom a shellcode for LHOST = 127.0.0.1 and LPORT = 714 (so if you want to run the shellcode, no problem because localhost)…
Survivor
-1
votes
1 answer

This shellcode and headache

Good afternoon. I've been looking for a while what's happening with this shellcode. This is the asm code: add esp, 0x3c xor eax, eax xor ebx, ebx xor ecx, ecx xor edx, edx mov al, 102 ; __NR_socketcall inc bl ;…
Arget
-1
votes
1 answer

Assembly/Shellcode getting system (host)name

So, for a course in school we are trying to find an assembly code which would find the system hostname (i.e. what's printed out when running "hostname" or "uname -n" in the terminal). But after a lot of googling, we are stuck. The thing is, the…
-1
votes
1 answer

run shellcode stored in dynamically allowed memory

I have the following which runs a shellcode which works fine: unsigned char original[] = "\xd9\xee\xd9\x74\x24\xf4\x58\xbb\xa6\xfb\x51\x8f\x33\xc9\xb1" "\x62\x83\xe8\xfc\x31\x58\x16\x03\x58\x16\xe2\x53\x07\xb9\x0d" …
isoman
-1
votes
5 answers

Reverse engineering assembly code to C

Would someone please provide me with assistance disassembling the shell code below (in the comment section) and also explain to me the role of the last line of code? # include # include # include const char code []…
sasuke
-1
votes
1 answer

please help me understand this main() code

Please could someone help me understand what's going on here. on the main program actually. #include char shellcode[] = "\xbb\x14\x00\x00\x00", "\xb8\x01\x00\x00\x00","\xcd\x00"; int main() { int *ret ret = (int *) &ret + 2; …
user3118363
-1
votes
1 answer

need to detect any possible buffer overflows

Hi guys, I need some help with this code. I want to know if there is any buffer overflow in this code. Basically this is an exercise for my university. We need to exploit it to open a shell. Until now we have studied buffer overflows and format…
poli mi
-1
votes
1 answer

Null Free Shellcode - Register Offset of 10 bytes

I need to enter bytes into a python script. I need to do an offset of 10 bytes from the register %ebx in assembly: 89 43 0a mov $eax,0xa(%ebx) I should mention that when I run this script, I dump these bytes (and others) into a file. The contents…
AndroidDev
-1
votes
2 answers

Kernel exploit shellcode

I want to write shellcode for kernel mode on 32-bit Linux that will do this: commit_creds (prepare_kernel_cred(0)); So I create a file with: xor eax, eax call 0x1234567 call 0x1234568 ret Where 0x1234567 is the address of prepare_kernel_cred and…
ioctlvoid
-1
votes
1 answer

Are the old days of code injection over?

I was wondering since all updated operating systems guard against stack and heap type overflows via ASLR, Canary Checks, and other such methods, are memory corruption exploits still prevalent? Given that the administrator of the system is competent…
Dr.Knowitall