Questions tagged [shellcode]

A shellcode is a small piece of code used as the payload in the exploitation of a software vulnerability.

Shellcodes get that name because they typically start a command shell from which the attacker can control the compromised machine. Shellcode is commonly written in machine code, but any piece of code that performs a similar task can be called shellcode. Because the function of a payload is not limited to merely spawning a shell, some have suggested that the name shellcode is insufficient.

Shellcode can either be local or remote, depending on whether it gives an attacker control over the machine it runs on (local) or over another machine through a network (remote).

681 questions
29 votes, 2 answers

Linux Shellcode "Hello, World!"

I have the following working NASM code: global _start section .text _start: mov eax, 0x4 mov ebx, 0x1 mov ecx, message mov edx, 0xF int 0x80 mov eax, 0x1 mov ebx, 0x0 int 0x80 section .data message: db "Hello,…
user1408643
26 votes, 5 answers

Stack Smashing attempt giving segfault

I am trying to do an example from Smashing the Stack for Fun and Profit in C, but am kind of stuck at a point. The following is the code (I have a 64-bit machine with Ubuntu 64-bit): int main() { int x; x = 0; func(1,2,3); x = 1; …
user60103
19 votes, 2 answers

Shellcode for a simple stack overflow: Exploited program with shell terminates directly after execve("/bin/sh")

I played around with buffer overflows on Linux (amd64) and tried exploiting a simple program, but it failed. I disabled the security features (address space layout randomization with sysctl -w kernel.randomize_va_space=0 and the NX bit in the BIOS). It…
henning
16 votes, 4 answers

Shellcode in C program

In Demystifying the Execve Shellcode, a way to write an execve shellcode is explained: #include #include unsigned char code[] =…
user720694
15 votes, 1 answer

Shellcode in C - What does this mean?

I'm not really getting how this code does what it does: char shellcode[] = "\xbb\x00\x00\x00\x00" "\xb8\x01\x00\x00\x00" "\xcd\x80"; int main() { int *ret; …
user1284923
15 votes, 7 answers

Can anyone explain this code to me?

WARNING: This is an exploit. Do not execute this code. //shellcode.c char shellcode[] = "\x31\xc0\x31\xdb\xb0\x17\xcd\x80" "\xeb\x1f\x5e\x89\x76\x08\x31\xc0\x88\x46\x07\x89\x46\x0c\xb0\x0b" …
0xab3d
14 votes, 7 answers

How to get c code to execute hex machine code?

I want a simple C method to be able to run hex bytecode on a 64-bit Linux machine. Here's the C program that I have: char code[] = "\x48\x31\xc0"; #include int main(int argc, char **argv) { int (*func) (); func = (int…
Nosrettap
14 votes, 2 answers

Testing a shellcode

I have this piece of code to test a shellcode, but I don't understand it, so can anyone explain it to me? Forget about the assembly shellcode; what I want to understand is the C code: char shellcode[] = "..."; int main(int argc, char **argv) { int…
0xab3d
12 votes, 1 answer

Why can the execve system call run "/bin/sh" without any argv arguments, but not "/bin/ls"?

I am confused by the __NR_execve syscall while learning Linux system calls. The correct way that I know to use execve is like this: char *sc[2]; sc[0]="/bin/sh"; sc[1]= NULL; execve(sc[0],sc,NULL); Then the function execve will call…
Arvin Hsu
11 votes, 1 answer

Exactly what cases does the gcc execstack flag allow and how does it enforce it?

I have some example code here which I'm using to understand some C behaviour for a beginner's CTF: // example.c #include void main() { void (*print)(); print = getenv("EGG"); print(); } Compile: gcc -z…
Isaac
11 votes, 4 answers

Loading raw code from C program

I'm writing a program that loads and executes code from a file. But I got a problem: the "write" syscall does not work. The code successfully loads and executes, but does not display any text on the screen. Program that loads the code: #include < stdio.h…
Alexey
11 votes, 3 answers

Is it possible to make a function execute code from a string on the stack?

#include int main(int argc, char** argv) { void (*p) (void); /* this obviously won't work, but what string could I put in here (if anything) to make this execute something meaningful? Does any OS allow instructions…
user389094
11 votes, 1 answer

Why can't JavaScript shellcode exploits be fixed via "data execution prevention"?

The "heap spraying" Wikipedia article suggests that many JavaScript exploits involve positioning a shellcode somewhere in the script's executable code or data space memory and then having the interpreter jump there and execute it. What I don't…
10 votes, 2 answers

Difference between declaring shellcode as a char[] array and char*?

Hi all, I'm trying to learn basic shellcoding and I've run across something curious that I hope someone can explain to me. I've compiled the following code two ways: declaring the shellcode as an array and as a char*. When I declare shellcode as an…
dani
10 votes, 1 answer

Need to exploit buffer overflow. Can't figure out how to uncorrupt the stack after executing exploit code?

Basically the function I am exploiting is this: int getbufn() { char buf[512]; Gets(buf); return 1; } When I run the main program the function executes 5 times and each time the location of buf changes and so does the location of…
michael60612