In computer security, a shellcode is a small piece of code used as the payload in the exploitation of a software vulnerability. It is called "shellcode" because it typically starts a command shell from which the attacker can control the compromised machine, but any piece of code that performs a similar task can be called shellcode.
Questions tagged [shellcode]
231 questions
5
votes
1 answer
NX bit causes segfault on NOP slide?
Doing an assignment for university.
We have to exec a shell on a remote server. We're told the NX bit is not set, however, when we redirect to our injected code, the server has a segmentation fault. Am I right in thinking that the bit is, in fact,…
Richard
5
votes
4 answers
Is it possible to execute a local file or code from cURL?
I wonder if it is possible to execute bash code or a local file from cURL, that is, using the following syntax:
curl "local file"
I was looking for possible solutions and found that to read the local files of the system can be done with "file://"…
Julián
5
votes
1 answer
Reverse Bash Shell one liner
I know that when the following code is run a reverse bash shell is created from the victim's computer to the attacker's computer. Can someone please explain to me the significance of the number "196"?
0<&196;exec 196<>/dev/tcp//
LazyTrout17
5
votes
1 answer
Error Running command shell :TimeoutError Operation Time out
I am testing a payload linux/x86/meterpreter/reverse_tcp in my test Linux network to exploit. I got a Meterpreter session by Metasploit using it. I tried several commands like getuid, cat and all those are working fine, but the command shell is not…
Gerorge Timber
5
votes
2 answers
Shellcode in a jpg/png
If it's possible to write shellcode in a jpg file, why aren't all the webapps where you can upload an image infected?
In a client computer, is it necessary to exploit the jpg viewer in order to run the shellcode?
Peter11
4
votes
3 answers
Program exiting after executing int 0x80 instruction when running shellcode
In school I was given an assignment to perform a buffer overflow, which would execute some shellcode and open a new shell. After a bit of fiddling the buffer overflow succeeded, and when I ran the exploit in GDB it says that the program is executing…
EscalatedQuickly
4
votes
3 answers
Clamav can't detect encoded virus files
I have a PHP sheller file (like c99 file) but it's encoded with these functions:
eval(gzinflate(base64_decode("7P3rehblahblah")));
The clamav virus scan can't detect it. How can I detect a virus and sheller like that?
Jason
4
votes
2 answers
How do arbitrary payloads execute on the remote machine?
I understand executing something like a reverse TCP bind via shell relies on resources being available on the victim machine... and in the case of running a, shall we say, Ruby script from the command line it will be interpreted down to machine code…
DawnFreeze
4
votes
2 answers
How to deal with MySQL's Errcode 13 when trying to write a shell
My attack machine is running Kali and the server is running CentOS 6.4 with DVWA.
I'm trying to write a shell through an SQL injection. The payload is
' UNION SELECT '', '' INTO OUTFILE…
The Illusive Man
4
votes
3 answers
Is writing shellcode still a valid skill to have/learn?
Following up from this question: Should I bother teaching buffer overflows any more?
I am an IT sec researcher and also security course instructor. Recently questions have been raised about the validity of buffer overflow, buffer overflow techniques…
Pham Trung Nghia
4
votes
2 answers
Instruction Overwrites with Garbage?
I am practicing a function return address overwriting exploit. However, the program instruction pointer instead gets overwritten by gibberish. I have tried compiling with -fno-builtin and -fno-stack-protector, but nothing seems to change the…
Stone True
4
votes
1 answer
Where in a binary can '/bin/sh' be written to get a shell?
I've come across some behaviour in a CTF challenge that seems very strange and I was wondering if someone could help me understand it.
The CTF challenge was the can-you-gets-me challenge in PicoCTF2018.
It was a ROP challenge (32-bit), and in my…
Zack
4
votes
3 answers
Are there any tools that focus on shellcode analysis?
Shellcode presents certain challenges for disassembly. It often self-modifies, jumps to the stack (where the shellcode will likely be placed), and relies on certain unusual tricks that standard disassembly tools don't focus on.
With this in mind,…
Polynomial
4
votes
1 answer
Execute Shellcode embedded into a picture?
Somebody told me it is possible to insert shellcode into an image or pdf file and execute the shellcode if the image or pdf file was opened. I know that this could be possible if the application (for example Adobe Reader) is vulnerable to a buffer…
Bowmann
4
votes
2 answers
Why do we need to remove null bytes from shell code?
I'm studying the basics of making shell codes. I have a question about it.
In my textbook, the author stores his shell code in an environment variable, and injects the address of it using strcpy() in a program.
When he makes his shell code, he…
John Smith