ROWAREZ
rowarez hacking forum
|
Lista Forumurilor Pe Tematici
|
ROWAREZ | Reguli | Inregistrare | Login
POZE ROWAREZ
Nu sunteti logat.
|
Nou pe simpatie:
Popa Bianca
 | Femeie
25 ani
Valcea
cauta Barbat
25 - 63 ani |
|
Gamer
Administrator
 Din: Transilvania
Inregistrat: acum 14 ani
Postari: 202
|
|
WHAT IS SHELLCODE?
Shellcode is a piece of machine-readable code, or script code that has just one mission; to
open up a command interpreter (shell) on the target system so that an “attacker” can type in
commands in the same fashion as a regular authorized user or system administrator of that
system can do (with a few not-so-important exceptions of course). However, in order to get
remote access to the shell, you're going to need some kind of networking support
1
in that
shellcode too. There's more to shellcoding than just having a program execute /bin/sh or
cmd.exe. This white paper will introduce you to shellcodes, how they're used in practice,
and how they are used with buffer overflow vulnerabilities.
Since it's important that the shellcode is very small, the shellcode hacker usually writes the
code in the assembly programming language. In this white paper I will be using x86 Intel
syntax assembly under Linux. The GNU compiler (gcc) uses AT&T syntax, which is
somewhat different from Intel syntax. All assembly examples can be compiled with Netwide
Assembler (nasm) – – a portable Intel syntax
assembler available for a wide variety of operating systems. nasm is readily available in
most GNU/Linux distributions.
WHAT ABOUT THE CODE IN SHELLCODE?
Shellcode is primarily used to exploit buffer overflows (including heap overflows) or format
string bugs in binary, machine-readable software. In these software, the shellcode has to be
machine-readable too, and to make things more complicated – it can't contain any null
bytes (0x00). Null (0) is a string delimiter which instructs all C string functions (and other
implementations) to, once found, stop processing the string (thus, a null-terminated string).
There are other delimiters like linefeed (0x0A), carriage return (0x0D), 0xFF, and others.
Some depend on how the programmer wrote the program (or the vulnerable function that
handles input) and other implementations depend on underlying C library functions or 3
rd
party libraries, etc.
In this introduction I am going to focus on the null delimiter. We don't want an input
function to stop processing our shellcode since we want to inject (upload) the entire
shellcode into the vulnerable program and “tell it” to execute it. The example on the next
page can be compiled using nasm and ld with the following command:
Code:
$ nasm -f bin minisc.asm
$ ld -s -o minisc minisc.o |
http://www.4shared.com/office/qpED2jau/intro_to_shellcoding.html
_______________________________________
Citeşte regulamentul forumului aici.
|
|
| pus acum 14 ani |
|