Cards 20 cards
Learners 1 learner
Language English
Level University
Created / Updated 21.06.2019 / 28.06.2020
Licensing Not specified
0 exact answers 20 text answers 0 multiple-choice answers

What is shellcode?

Shellcode is the code we want to upload to the remote system

Our "evil code"

It is a set of instructions injected and executed by exploited software



In hacking, a shellcode is a small piece of code used as the payload in the exploitation of a software vulnerability. It is called "shellcode" because it typically starts a command shell from which the attacker can control the compromised machine, but any piece of code that performs a similar task can be called shellcode. 


How does a shellcode work?

  • Assembly instructions
  • Native code which performs a certain action (like starting a shell)

What are the properties of shellcode?

Shellcode properties:

  • Should be small
    • Because the vulnerable program may have only small buffers
  • Position independent
    • We don't know where it will be loaded in the vulnerable program
  • No null characters (0x00)
    • strcpy() etc. stop copying at the first null byte
  • Self-contained
    • Doesn't reference anything outside of the shellcode

What are syscalls, why do we use them, what are the alternatives?

In a syscall we ask the kernel to do something for us

Why syscalls?

  • Makes it easy to create shellcode
  • Direct interface to the kernel

Alternatives?

  • Call libc code, e.g. write()
  • Problem: we don't know where write() is located!

What is a syscall (according to the man page)?

The syscall (system call) is the fundamental interface between an application and the Linux kernel.


What can be controlled with a syscall in a process?

Process Control:

  • load
  • execute
  • end, abort
  • create process (for example, fork)
  • terminate process
  • get/set process attributes
  • wait for time, wait event, signal event
  • allocate, free memory

Name some things that can be done with syscalls in regard to file management.

File management:

  • create file, delete file
  • open, close
  • read, write, reposition
  • get/set file attributes

What are file descriptors?

File descriptors?

  • 0: Stdin
  • 1: Stdout
  • 2: Stderr

and also:

  • Files
  • Sockets (Network)