Back to For Beginners

What is shellcode ?

For Beginners

Started by logout April 10, 2004 10:01 AM

4 comments, last by logout 20 years ago

logout

122

Author

April 10, 2004 10:01 AM

Okay i have heard and seen these shellcodes .. like: "\x55" "\x89\xE5\x53\xC6\x45\xFC\x63\xC6\x45\xFD\x6D\xC6\x45\xFE\x64\xC6\x45\xFF\x00\x68" "\x05\x00\x00\x00\x8D\x45\xFC\x50\xB8\xC6\x84\xE6\x77\xFF\xD0\x68\x01\x00\x00\x00" "\xB8\xB5\x5C\xE7\x77\xFF\xD0"; Now I wonder wtf is shellcode ?

JuNC

236

April 10, 2004 10:23 AM

I didn't know either, so a quick google turns up that shell code is a potential security exploit. That code you've turned up is actually assembler encoded as a C string. If you write that string to a file and disassemble it you get:

 PUSH    BP MOV     BP,SP PUSH    BX MOV     BYTE PTR [DI-04],63 MOV     BYTE PTR [DI-03],6D MOV     BYTE PTR [DI-02],64 MOV     BYTE PTR [DI-01],00 DB      68 ADD     AX,0000 ADD     [DI+FC45],CL PUSH    AX MOV     AX,84C6 OUT     77,AL CALL    AX

(assuming 16bit prefix of course, otherwise the registers will be eax etc.)

What it will actually do depends on the context of where you found it. It could be malicious.

EDIT: Actually the 32bit version makes more sense:

00000000  55                push ebp00000001  89E5              mov ebp,esp00000003  53                push ebx00000004  C645FC63          mov byte [ebp-0x4],0x6300000008  C645FD6D          mov byte [ebp-0x3],0x6d0000000C  C645FE64          mov byte [ebp-0x2],0x6400000010  C645FF00          mov byte [ebp-0x1],0x000000014  6805000000        push dword 0x500000019  8D45FC            lea eax,[ebp-0x4]0000001C  50                push eax0000001D  B8C684E677        mov eax,0x77e684c600000022  FFD0              call eax00000024  6801000000        push dword 0x100000029  B8B55CE777        mov eax,0x77e75cb50000002E  FFD0              call eax00000030  00                db 0x00

[edited by - JuNC on April 10, 2004 11:27:17 AM]

logout

122

Author

April 10, 2004 11:59 AM

I got that pice of google...

So what is shellcode used for ???

Ademan555

361

April 10, 2004 12:11 PM

Well if you knew assembly youd know that woudlnt you? :-D so go learn it.... and then teach me... please... lol
-Dan

When General Patton died after World War 2 he went to the gates of Heaven to talk to St. Peter. The first thing he asked is if there were any Marines in heaven. St. Peter told him no, Marines are too rowdy for heaven. He then asked why Patton wanted to know. Patton told him he was sick of the Marines overshadowing the Army because they did more with less and were all hard-core sons of bitches. St. Peter reassured him there were no Marines so Patton went into Heaven. As he was checking out his new home he rounded a corner and saw someone in Marine Dress Blues. He ran back to St. Peter and yelled "You lied to me! There are Marines in heaven!" St. Peter said "Who him? That's just God. He wishes he were a Marine."

TylerK

122

April 10, 2004 12:38 PM

Shellcode is exactly what the name says...code to open a shell on the operating system. If someone were trying to gain unauthorized access to a system by using an exploit to execute arbitrary code on that system, what they would most likely want to open is a command shell...hence the shell code.

LessBread

1,415

April 10, 2004 12:58 PM

On windows a shell is also known as a command prompt or console window - also colloquially known as a "DOS Box".

"I thought what I'd do was, I'd pretend I was one of those deaf-mutes." - the Laughing Man

What is shellcode ?

This topic is closed to new replies.

Popular Topics

Recommended Tutorials

What is shellcode ?

This topic is closed to new replies.

Popular Topics

Recommended Tutorials

Reticulating splines