What is shellcode?
Shellcode is a set of instruction written in machine code which is generally used as payload in the exploitation of software vunerability. Since it starts with command shell that’s why it is named as Shellcode.
It’s the sampel of shellcode:
“\x48\x65\x6c\x6c\x6f\x20\x57\x6f\x72\x6c\x64\x21\x0a”
It stands for ‘Hello World!’.
For writing shellcode, you must familiar with Assembly Language programming and target hardware architecture. You can’t write shellcode for 32bit architecture and run in it 64bit architecture because the instruction codes that are loaded into the memory layout is also different.
If you write a program with c language, run it in 32bit architecture, the instruction codes will be loaded above stack but in 64bit it will be loaded above the heap.
It depend also on Operating System used. That’s why shellcode is designed for specific target system that take advantages its vulnerability.
Efficiency is needed when you wrote shellcode because it related with the size of buffer.
In this tutorial, I run the shellcode under Linux Ubuntu 18.04.4 LTS 32 bit in docker container. My hardware architecture is AMD ryzen 64bit. For programming I use gcc (Ubuntu 7.5.0-3ubuntu1~18.04) 7.5.0 for compiling c code, NASM version 2.13.02 for compiling assembly code and GNU objdump (GNU Binutils for Ubuntu) 2.30 for display machine code.
Writing shellcode also a bit tricky.
I give you an example.
Below is the assembly code to display “hello word!”.
Assembly code 1 (hello1)
1 section .text
2 global _start
3
4 _start:
5
6 ;Display Message
7 mov eax,4 ;syswrite=4
8 mov ebx,1 ;stdout=1
9 mov ecx,msg
10 mov edx,lenmsg
11 int 0x80 ;System Call
12
13 ;Exit
14 mov eax,1
15 mov ebx,0
16 int 0x80
17
18 section .data
19 msg db 'Hello World!',0xa
20 lenmsg equ $ - msg
I compile and run this code.
root@fc9fca692021:/home/darklinux# nasm -f elf32 hello1.asm -o hello1.o
root@fc9fca692021:/home/darklinux# ld hello1.o -o hello1
root@fc9fca692021:/home/darklinux# ./hello1
Hello World!
root@fc9fca692021:/home/darklinux#
It runs perfect.
(more…)
Read Full Post »