Questions tagged [shellcode]

In computer security, a shellcode is a small piece of code used as the payload in the exploitation of a software vulnerability. It is called "shellcode" because it typically starts a command shell from which the attacker can control the compromised machine, but any piece of code that performs a similar task can be called shellcode.

231 questions
127
votes
2 answers

How do ASLR and DEP work?

How do Address Space Layout Randomisation (ASLR) and Data Execution Prevention (DEP) work, in terms of preventing vulnerabilities from being exploited? Can they be bypassed?
Polynomial
31
votes
4 answers

I feel like it's impossible to learn reverse engineering

I know how to use most of the tools in Kali like msfvenom and msfconsole and I can safely call myself a script kiddie. I learned the basics of C# and that helps me understand some of the things in C, but I still get easily lost. I know the basics…
Nikolay Atanasov
22
votes
8 answers

PHP malware/shell keeps resurrecting

So I've been fighting this problem for months now and decided that it's beyond my limited (if at all) server skills, and that I need help from the pros. I have a VPS (with root access) which hosts several different PHP websites, some of which are…
An Phan
21
votes
3 answers

Is it possible to write shellcode in C++?

Usually I write assembly programs and then dump their contents to get the shellcode. What I was wondering is whether I could write a C++ program instead of assembly, then dump and use that instead of the assembly?
John Doe
19
votes
1 answer

Could someone explain parts of the FBI's Firefox 0-day?

Here is the full Javascript (and related iframes) that the FBI apparently injected into all "Freedom Hosting" pages in the course of their recent takedown. http://pastebin.mozilla.org/2776374 The variable "magneto" looks very much like…
Anorov
19
votes
2 answers

How "leaking pointers" to bypass DEP/ASLR works

I was wondering if anyone could give me some clues on how "leaking pointers" to bypass DEP/ASLR work. I read here: The only way to reliably bypass DEP and ASLR is through a pointer leak. This is a situation where a value on the stack, at a…
John Smith
19
votes
1 answer

How does shellcode really run?

I read the book "The Shellcoders Handbook", and in it there is some C code which will execute shellcode (it will only call exit syscall). char shellcode[] = "\xbb\x00\x00\x00\x00\xb8\x01\x00\x00\x00\xcd\x80"; int main(){ int *ret; ret =…
18
votes
1 answer

NOPS in Metasploit

Problem I do not know what a "NOP" is in Metasploit Framework or otherwise. What I do know Metasploit Unleashed says, "Nops keep the payload sizes consistent." A few question posts mention buffer overflows. What I would like to know Why do Nops keep…
gal
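The two questions above ask how a C harness actually runs a byte array as code and why a NOP sled lets an imprecise landing address still reach the payload. The following is an added example written for this page; it is not code from either question, from The Shellcoder's Handbook, or from Metasploit. It assumes Linux with glibc on x86-64 or AArch64 (the only two instruction encodings it carries), and the function names `count_nul`, `stage` and `land_in_sled` are this example's own. Instead of spawning a shell the payload returns 42 to its caller, so the harness can check that control really reached it; the 12-byte ia32 exit shellcode from the question is only inspected for NUL bytes, not executed.

```c
#define _GNU_SOURCE
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* The 12-byte ia32 exit() shellcode quoted in the question
   (mov ebx,0 ; mov eax,1 ; int 0x80).  Inspected here, never run. */
const uint8_t ia32_exit_shellcode[] = {
    0xbb, 0x00, 0x00, 0x00, 0x00, 0xb8, 0x01, 0x00, 0x00, 0x00, 0xcd, 0x80
};

/* Count NUL bytes.  A payload copied into a buffer with strcpy() is cut at
   the first NUL, which is why production shellcode is written to avoid them
   (xor reg,reg instead of mov reg,0, and so on). */
size_t count_nul(const uint8_t *code, size_t len) {
    size_t n = 0;
    for (size_t i = 0; i < len; i++)
        if (code[i] == 0) n++;
    return n;
}

/* Assumed host: Linux on x86-64 or AArch64.  The payload returns 42 to its
   caller instead of spawning /bin/sh; note it contains no NUL bytes. */
#if defined(__x86_64__)
static const uint8_t payload[] = { 0x31, 0xc0,   /* xor eax, eax */
                                   0xb0, 0x2a,   /* mov al, 42   */
                                   0xc3 };       /* ret          */
static const uint8_t nop[]     = { 0x90 };       /* nop          */
#elif defined(__aarch64__)
static const uint8_t payload[] = { 0x40, 0x05, 0x80, 0x52,   /* mov w0, #42 */
                                   0xc0, 0x03, 0x5f, 0xd6 }; /* ret         */
static const uint8_t nop[]     = { 0x1f, 0x20, 0x03, 0xd5 }; /* nop         */
#else
#error "this example only carries x86-64 and AArch64 instruction encodings"
#endif

/* Lay out sled_count NOPs followed by the payload in a fresh mapping.
   The bytes are written while the pages are RW and then flipped to RX:
   a page that is both writable and executable is what `-z execstack`
   grants and what NX/DEP takes away. */
static uint8_t *stage(size_t sled_count, size_t *map_len) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    size_t len  = sled_count * sizeof nop + sizeof payload;
    *map_len = (len + page - 1) / page * page;
    uint8_t *buf = mmap(NULL, *map_len, PROT_READ | PROT_WRITE,
                        MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (buf == MAP_FAILED) return NULL;
    for (size_t i = 0; i < sled_count; i++)
        memcpy(buf + i * sizeof nop, nop, sizeof nop);
    memcpy(buf + sled_count * sizeof nop, payload, sizeof payload);
    if (mprotect(buf, *map_len, PROT_READ | PROT_EXEC) != 0) {
        munmap(buf, *map_len);
        return NULL;
    }
    /* Required on AArch64 so the instruction cache sees the new bytes. */
    __builtin___clear_cache((char *)buf, (char *)buf + *map_len);
    return buf;
}

/* Transfer control into the sled at NOP index `land`, the way a corrupted
   return address would.  Any index from 0 to sled_count inclusive lands on
   a NOP (or on the payload itself) and slides forward into the payload.
   Returns 42 when the payload ran, -1 if the mapping could not be made. */
int land_in_sled(size_t sled_count, size_t land) {
    size_t map_len;
    uint8_t *buf = stage(sled_count, &map_len);
    if (buf == NULL) return -1;
    /* Cast data pointer to function pointer via memcpy: same effect as the
       book's `ret = (int *)&ret; *ret = (int)shellcode;` trick, without the
       stack corruption. */
    int (*entry)(void);
    void *addr = buf + land * sizeof nop;
    memcpy(&entry, &addr, sizeof entry);
    int rc = entry();
    munmap(buf, map_len);
    return rc;
}

int main(void) {
    printf("NUL bytes in the book's exit shellcode: %zu of %zu\n",
           count_nul(ia32_exit_shellcode, sizeof ia32_exit_shellcode),
           sizeof ia32_exit_shellcode);
    for (size_t land = 0; land <= 32; land += 8)
        printf("landing at NOP %2zu of 32 -> payload returned %d\n",
               land, land_in_sled(32, land));
    return 0;
}
```

Build with plain `cc shellcode_harness.c` (no `-z execstack` needed, because the example asks for executable memory explicitly through `mprotect` rather than relying on an executable stack). Every landing index from 0 through 32 returns 42, which is the whole point of the sled: the attacker only needs to guess an address somewhere inside it. The NUL count on the book's exit shellcode is 7 of 12 bytes, so that particular payload would be truncated after its first byte by any `strcpy`-style delivery.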
15
votes
1 answer

What do the NSA's Recently Leaked "The Equation Group" Files do?

First Hand Details: TEG (The Equation Group) is NSA's team of hackers who'd write code to exploit systems worldwide. Some of the private files were recently dropped by a group called Shadow Brokers & they've auctioned it in exchange for BTC bids ..…
Shritam Bhowmick
11
votes
2 answers

NX bit: does it protect the stack?

I once heard the NX bit was a panacea, then that it was not. One detail I've wondered about though: Does the NX (no execute) bit protect against code inserted into the stack and executed there? It seems to me that the stack, because it's not the…
Franch
11
votes
1 answer

Does analysing Malicious code in gdb pose a security risk?

I have encountered a malicious shellcode and I have ported the shellcode into a compatible C code which can run the shellcode. I compiled it using gcc -fno-stack-protector -z execstack shellcode.c -o code which gives the output ELF file code. I am…
9
votes
2 answers

How does getting a remote shell via exploiting a vulnerability really work?

I can understand what a buffer overflow is and that it allows you to write in places of the memory that you shouldn't be able to. I can also grasp the concept that there may be other software vulnerabilities out there that work in some different way…
hytromo
9
votes
1 answer

Better way to import Win32 APIs from injected shellcode

I'm injecting native x86 code into a .NET application, via a TLS callback in the binary image. Unfortunately, .NET executables only import mscorlib.dll within the PE, and have kernel32.dll mapped automatically into the memory space at runtime. I…
Polynomial
8
votes
1 answer

Program getting exploited inside gdb, new shell is spawned but terminated immediately

I am trying to exploit a SUID program. The program is: #include #include #include #include #define e(); if(((unsigned int)ptr & 0xff000000)==0xca000000) { setresuid(geteuid(), geteuid(), geteuid());…
8
votes
3 answers

How to determine the size of payloads available in MetaSploit

I've noticed that there are a lot of different payloads to choose from in MetaSploit, and the choice (assuming there's enough room in the target) usually depends on what you're trying to do. However, from what I understand the payloads vary in size…
Freedom_Ben