What is shellcode ?
Okay i have heard and seen these shellcodes ..
like:
"\x55"
"\x89\xE5\x53\xC6\x45\xFC\x63\xC6\x45\xFD\x6D\xC6\x45\xFE\x64\xC6\x45\xFF\x00\x68"
"\x05\x00\x00\x00\x8D\x45\xFC\x50\xB8\xC6\x84\xE6\x77\xFF\xD0\x68\x01\x00\x00\x00"
"\xB8\xB5\x5C\xE7\x77\xFF\xD0";
Now I wonder wtf is shellcode ?
I didn't know either, so a quick google turns up that shell code is a potential security exploit. That code you've turned up is actually assembler encoded as a C string. If you write that string to a file and disassemble it you get:
(assuming 16bit prefix of course, otherwise the registers will be eax etc.)
What it will actually do depends on the context of where you found it. It could be malicious.
EDIT: Actually the 32bit version makes more sense:
[edited by - JuNC on April 10, 2004 11:27:17 AM]
PUSH BP MOV BP,SP PUSH BX MOV BYTE PTR [DI-04],63 MOV BYTE PTR [DI-03],6D MOV BYTE PTR [DI-02],64 MOV BYTE PTR [DI-01],00 DB 68 ADD AX,0000 ADD [DI+FC45],CL PUSH AX MOV AX,84C6 OUT 77,AL CALL AX
(assuming 16bit prefix of course, otherwise the registers will be eax etc.)
What it will actually do depends on the context of where you found it. It could be malicious.
EDIT: Actually the 32bit version makes more sense:
00000000 55 push ebp00000001 89E5 mov ebp,esp00000003 53 push ebx00000004 C645FC63 mov byte [ebp-0x4],0x6300000008 C645FD6D mov byte [ebp-0x3],0x6d0000000C C645FE64 mov byte [ebp-0x2],0x6400000010 C645FF00 mov byte [ebp-0x1],0x000000014 6805000000 push dword 0x500000019 8D45FC lea eax,[ebp-0x4]0000001C 50 push eax0000001D B8C684E677 mov eax,0x77e684c600000022 FFD0 call eax00000024 6801000000 push dword 0x100000029 B8B55CE777 mov eax,0x77e75cb50000002E FFD0 call eax00000030 00 db 0x00
[edited by - JuNC on April 10, 2004 11:27:17 AM]
Well if you knew assembly youd know that woudlnt you? :-D so go learn it.... and then teach me... please... lol
-Dan
-Dan
Shellcode is exactly what the name says...code to open a shell on the operating system. If someone were trying to gain unauthorized access to a system by using an exploit to execute arbitrary code on that system, what they would most likely want to open is a command shell...hence the shell code.
On windows a shell is also known as a command prompt or console window - also colloquially known as a "DOS Box".
This topic is closed to new replies.
Advertisement
Popular Topics
Advertisement