Friday, October 16, 2020

CyberMisc 101:sHELL Code 101

Another blogpost another great day in out hacker village.

Today we will learn about shellcode.Lets get started


What is shellcode?


Wikipedia comes again to help us: "In hacking, a shellcode is a small piece of code used as the payload in the exploitation of a software vulnerability. It is called "shellcode" because it typically starts a command shell from which the attacker can control the compromised machine, but any piece of code that performs a similar task can be called shellcode. Because the function of a payload is not limited to merely spawning a shell, some have suggested that the name shellcode is insufficient.[1] However, attempts at replacing the term have not gained wide acceptance. Shellcode is commonly written in machine code."

Now in a TL;DR version it's baisically the payload which is dropper when and exploit executed.


Now how does one gets to write shellcode ?

Well it's quite simple,back in the early days of computers every computer scientist did it;TL;DR will we resume to using assmbly language?Waaaatt!!! Assembly are you out of your mind?Yes as eveil it may sound it's not actually that hard.


Assembly 101

Now to make it simpler for you i will outline the process of the c compiler


source code -> compiler -> assembler -> linker -> binary object


Now you see the compiler,one of it's function is to generate assembly language.So let's see what is one of it's function

imagine that in our source code we have the following instruction:

int a = 13;

Now let me explain the process and the behind the scenes action: this means the the computer has to go to a memory page,and choose an address in which will store a variable naned a,of type int(a whole number) which stores at it's address value 13.SImple right?Now imagine that in assembly we will write exactly what we have said.

in assembly what we have written upper is like this

mov, $register,value

mov - is an instruction which says to the CPU to move(put) a value into a register(CPU) variable a value

$register - a CPU variable


at

1 comment:

  1. TestOctober 30, 2020 at 8:24 AM

    Hi

    Hi

    As we have discussed during the class, we should have at least 10 posts before the approaching deadline of continuous assessment

    •Introduction Post - 3
    1. Welcome
    2. Introduction
    3. Current skills
    •Initial Ideas on Major Project - 2
    1. Initial Idea One
    2. Initial Idea Two
    •Chosen Project Theme and Further Research Posts -2/3
    1. Project Theme
    2. Computer Ethics (1/2 posts on this)
    •Project Plan - 2
    1. Project plan
    2. Gantt-chart
    •Research Essay - 3
    1. Introduction
    2. Main Body
    3. Conclusion (including reference list as Harvard style of referencing)

    Many thanks
    Chirag

    ReplyDelete

Subscribe to: Post Comments (Atom)

libprotobuf&libfuzz Part 2.

 We just dissect the source code from this guy's repo:https://github.com/bruce30262/libprotobuf-mutator_fuzzing_learning we will use sam...

  • libprotobuf&libfuzz Part 1.
    0x1.Introduction Protocol Buffers        I s a protocol that serializes data structures.It was developed by Google, and it is a language-ind...
  • Fuzzing with libafl
     Introduction to libFuzzer libFuzzer is part of the LLVM package.It allows you to integrate the coverage-guided fuzzer logic into your C/C++...
  • ESSAY ON WHY DEVELOPERS SHOULD START HACKING
           In the previous years,we have seen a continuous growing of cyber breaches and attack.Most of them arose due to some coding mistake,ei...