Lernkarten
What is shellcode?
Shellcode is the code we want to upload to the remote system
Our "evil code"
It is a set of instructions injected and executed by exploited software
Wikipedia:
In hacking, a shellcode is a small piece of code used as the payload in the exploitation of a software vulnerability. It is called "shellcode" because it typically starts a command shell from which the attacker can control the compromised machine, but any piece of code that performs a similar task can be called shellcode.
How does a shellcode work?
- Assemble instructions
- Native code which perfoms a certain action (like starting a shell)
What are the proerties of shellcode?
Shellcode properties:
- Should be small
- Because we maybe have small buffers in the vulnerable program
- Position independent
- Don't know where it will be loaded in the vulnerable program
- No Null Characters (0x00)
- Strcpy etc. will stop copying after Null bytes
- Self-Contained
- Don't reference anything outside of shellcode
What are syscalls, why do we use them, what are the alternatives?
In a syscall we ask the kernel to do something for us
Why syscalls?
- Makes it easy to create shellcode
- Direct interface to the kernel
Alternative:
- Call LIBC code; write()
- Problem: Don't know where write() is located!
What is a syscall (acording to man page)?
The syscall (system call) is the fundamental interface between an application and the Linux kernel.
What can be controlled with a syscall in a process?
Process Control:
- load
- execute
- end, abort
- create process (for example, fork)
- terminate process
- get/set process attributes
- wait for time, wait event, signal event
- allocate, free memory
Name some things that can be done with syscalls in regard to file management.
File management:
- create file, delete file
- open, close
- read, write, reposition
- get/set file attributes
What are file descriptors?
File descriptors?
- 0: Stdin
- 1: Stdout
- 2: Stderr
and also:
- Files
- Sockets (Network)
