Shikata Ga Nai
Shellcoding
Last updated 4 years ago
Creating Shellcode

  1. Write assembly code.

  2. Assemble: nasm -f elf shellcode.asm

  3. Link: ld -o shellcode shellcode.o

  4. Extract opcodes: objdump -d shellcode

Relative Shellcoding

To make the shellcode more portable, we don't want to rely on hardcoded addresses. Instead we hold a meaningful address in a register and address everything else relative to it.

Here is an example of such a technique:

We use call to push the address of the instruction following it (the start of our data) onto the stack and jump to our shellcode. That address is then popped into esi, so we can use esi for relative addressing. To reach the call we place a jmp at the very start of the shellcode.

Linux syscall table