Questions tagged [shellcode]

A shellcode is a small piece of code used as the payload in the exploitation of a software vulnerability.

Shellcodes get that name because they typically start a command shell from which the attacker can control the compromised machine. Shellcode is commonly written in machine code, but any piece of code that performs a similar task can be called shellcode. Because the function of a payload is not limited to merely spawning a shell, some have suggested that the name shellcode is insufficient.

Shellcode can either be local or remote, depending on whether it gives an attacker control over the machine it runs on (local) or over another machine through a network (remote).

681 questions
-2 votes, 1 answer

Mistake in x86 shellcode

I want to write assembly code that should run the following C function: execv("/bin/sh", ["/bin/sh", 0]) I therefore wrote the following assembly code: start: call main db '/bin/sh',7 main: xor edx, edx mov eax, 11 pop ebx …
nemo
-2 votes, 3 answers

Pointers to function

What does this code mean? char code[] = "bytecode will go here!"; int main(int argc, char **argv) { int (*func)(); /* This is pointer to function */ func = (int (*)())code; /* What does this line mean? */ (int)(*func)(); /* Calling…
-2 votes, 1 answer

reading hex values from a file in c

As a part of an assignment I'm working on, I'm trying to read hex values from a file using the following code steps: char buf[2048]; FILE *fp = fopen("/home/httpd/AS1/binary.bin", "r"); fgets(buf, 1024, fp); I created a binary file that has values…
PaNed
-2 votes, 1 answer

I need some clarification on how shellcode is interpreted?

I've been learning how to write exploits using stack-based buffer overflows, and the one thing I cannot comprehend is just how the code (I believe "Machine Code") is interpreted and used. What I am talking about is the "/x3b/x09..." used in the…
Nooble
-3 votes, 1 answer

Run raw shellcode inside c, compiled to exe

What I have tried: I opened the Opera-Setup installer .exe with HxD and exported it to C source code. I put the shellcode of the output inside a main function to execute like the following: #include int main() { unsigned char…
-3 votes, 1 answer

How can I exploit a segfault and run a shell command?

Following this: How can I exploit a buffer overflow? I have a code compiled using -fno-stack-protector: #include void shellcode(){ printf("\n Reached shellcode!"); } int main(int argc, char **argv){ char buf[3]; sprintf(buf,…
code0x00
-3 votes, 2 answers

stack overflow code in c for writing exploit

I am attempting to launch a shell in my Linux environment (BT3) but it keeps seg faulting. The method that I'm using is out of The Shellcoder's HandBook. Note that all of this is straight out of the text. For more reference:…
bhavis
-3 votes, 1 answer

C Shellcode 32bit vs 64bit

I wrote a program that writes a function to a file, then loads said file and executes the function. This code works without a problem when I compile for 32bit, but when I set my compiler to 64bit the program crashes. #include
-3 votes, 2 answers

Convert ASCII to unicode string in C/C++ (APIless)

I know I can convert ASCII to unicode strings using MultiByteToWideChar but I want an APIless solution. The only difference is that unicode is 2 bytes compared to ASCII, which is 1. Should be something like the following, but it doesn't work. The…
nop
-3 votes, 1 answer

Decoded shellcode doesn't execute: Illegal instruction: 4

I have a C application that decodes a base64 string that contains some shellcode and attempts to execute it. It seems to decode successfully, but when it is executed the error Illegal instruction: 4 occurs. This is most of the code: unsigned char…
-3 votes, 1 answer

call windows API function using a shellcode

Goal: I am trying a simple shellcode exercise - call "OutputDebugStringA" on a remote process using CreateRemoteThread that will activate a shellcode - this exercise is without DLL injection! Problem: I don't know the address of "OutputDebugStringA" at…
ohad
-3 votes, 2 answers

Assembly works, but shellcode does not

I have an x64 processor and I'm looking into shellcode. I have the following code: section .text global _start _start: push rax mov rbx, 0x68732f6e69622f2f shr rbx, 0x8 push rbx mov rdi, rsp ;mov rdi, com mov al, 59 …
Ervin
-3 votes, 1 answer

Aleph one code - buffer overflow

I got this code of aleph one: shellcode.h #if defined(__i386__) && defined(__linux__) #define NOP_SIZE 1 char nop[] = "\x90"; char shellcode[] = "\xeb\x1f\x5e\x89\x76\x08\x31\xc0\x88\x46\x07\x89\x46\x0c\xb0\x0b" …
Elad Doocker
-3 votes, 1 answer

How is shellcode generated from C? - With code example

I started taking an online course regarding software security. In one of the sections, I was instructed to execute a hidden C function using a buffer overflow. I got to thinking: what would happen if I could pass machine instructions directly to a…
motoku
-3 votes, 2 answers

accessing a function that is defined after main

I have a C source file that I'm not allowed to change and it is defined as follows: int main(int argc, char *argv[]) { //doing something return 0 } void __magic() { __asm__("jmp %esp"); } I do not use the function __magic in my code,…
Lazybeem