Saturday, 22 August 2015

x86 Linux ShellCode Writing 101: What is ShellCoding?

What is this thing called Shellcode you might ask?

Well, it is defined as a set of carefully crafted instructions which are injected into and then executed by a vulnerable application. It drives the processor's registers directly through the vulnerability, which is why it is generally written in assembler and translated into opcodes. Shellcode written in a high-level language like C/C++/Java will not work after injection because of some nuances.

According to WikiPedia, ShellCode is:

In computer security, a shellcode is a small piece of code used as the payload in the exploitation of a software vulnerability.

The word "shellcode" refers to the original purpose of shellcode, which is to spawn a root shell in which one can execute commands of any sort.
But it certainly does not mean that spawning a shell is all one can do with shellcode; people have refined the art of shellcoding to do much more than that.

Creating shellcode is a multi-stage process, and to learn this art you must be pretty good at the assembly language of the system you are writing the shellcode for.
Here is an example to better illustrate what I mean by the journey from ASM to shellcode.

Exit ShellCode Example:

section .text

global _start

_start:
    mov al, 1          ; syscall number 1 = exit on 32-bit Linux; writes only the low byte of eax,
                       ; which relies on the rest of eax already being zero at process entry
    xor ebx, ebx       ; exit status 0 (first syscall argument)
    int 0x80           ; invoke the kernel

So, What exactly is happening here?

I wrote this code in x86 assembly language on a 32-bit Linux distribution, using the system calls the Linux kernel provides. I then assembled it into an ELF binary, the executable file format for Linux systems, and disassembled it along with its opcodes, which were "b0, 01, 31, db, cd, 80"; these bytes are what we need for our shellcode. The next phase is pretty easy: put all these opcodes into a hex string using the "\x<opcode>" form.
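The extraction and formatting step described above, as an added example that is not part of the original post: a small ELF32 section-header walker that pulls the raw bytes of .text (the part objdump does for you), renders them in the "\x.." form, and reports any 0x00 bytes, which is why the stub above writes al rather than the whole of eax. The ELF image it is run against is constructed inline with the post's six opcodes, so the script runs offline.

```python
import struct

# Constructed sample: the six opcodes the post reads back from its exit stub
# (mov al,1 ; xor ebx,ebx ; int 0x80).
EXIT_STUB = bytes.fromhex("b00131dbcd80")

def build_elf32_with_text(code: bytes) -> bytes:
    """Minimal little-endian ELF32 image holding `code` in a .text section.
    Constructed only so the extractor can run offline; it has no program
    headers, so it is not a loadable program."""
    shstrtab = b"\0.text\0.shstrtab\0"
    text_off = 52                      # code follows the 52-byte ELF header
    strtab_off = text_off + len(code)
    shoff = strtab_off + len(shstrtab)
    e_ident = b"\x7fELF" + bytes([1, 1, 1, 0]) + b"\0" * 8  # ELFCLASS32, LSB
    ehdr = e_ident + struct.pack("<HHIIIIIHHHHHH", 2, 3, 1, 0, 0, shoff, 0,
                                 52, 0, 0, 40, 3, 2)        # 3 shdrs, strtab #2
    def shdr(name, typ, flags, off, size):
        return struct.pack("<10I", name, typ, flags, 0, off, size, 0, 0, 1, 0)
    return (ehdr + code + shstrtab
            + shdr(0, 0, 0, 0, 0)                           # SHT_NULL
            + shdr(1, 1, 6, text_off, len(code))            # .text PROGBITS AX
            + shdr(7, 3, 0, strtab_off, len(shstrtab)))     # .shstrtab STRTAB

def extract_text_section(elf: bytes) -> bytes:
    """Walk the section headers of an ELF32 LSB image and return the raw
    bytes of .text (what objdump -d reads before disassembling)."""
    if elf[:4] != b"\x7fELF" or elf[4] != 1 or elf[5] != 1:
        raise ValueError("not a little-endian ELF32 image")
    shoff, = struct.unpack_from("<I", elf, 32)               # e_shoff
    shentsize, shnum, shstrndx = struct.unpack_from("<HHH", elf, 46)
    def section(i):
        return struct.unpack_from("<10I", elf, shoff + i * shentsize)
    str_off, str_size = section(shstrndx)[4:6]
    strtab = elf[str_off:str_off + str_size]
    for i in range(shnum):
        s = section(i)                                       # s[0]=name s[4]=off s[5]=size
        if strtab[s[0]:strtab.index(b"\0", s[0])] == b".text":
            return elf[s[4]:s[4] + s[5]]
    raise ValueError(".text section not found")

def to_shellcode_string(code: bytes) -> str:
    """Render bytes in the "\\x.." form the post describes."""
    return "".join(f"\\x{b:02x}" for b in code)

def null_byte_offsets(code: bytes) -> list:
    """Offsets of 0x00 bytes: a payload copied as a C string is cut off at
    the first one, which is why the stub writes al rather than all of eax."""
    return [i for i, b in enumerate(code) if b == 0]
```

Running it on a real binary means replacing the constructed image with the bytes of the assembled ELF file; the extractor only handles 32-bit little-endian images, matching the post.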

Since this was just an introduction to what shellcode really is, I decided not to make it a tutorial on writing your own shellcode. I will soon post a tutorial that makes use of all the tools needed to get your own working shellcode from scratch. Till then, stay tuned!
