Shellcoding

Creating Shellcode

Write assembly code [Linux syscall table].
Assemble: nasm -f elf shellcode.asm
Link: ld -o shellcode shellcode.o
Extract opcodes: objdump -d shellcode

Relative Shellcoding

To make the shellcode more portable we don't want to rely on hardcoded values. To do so we want to hold a meaningful address in a register and work relative to it.

Here is an example of such a technique:

We use call to push the next address to the stack and jump to our shellcode. That address is then put into esi and thus we can use esi for relative addressing. To get to call we place a jmp at the very start of the shellcode.

PreviousExamining Binaries NextBypassing Exploit Mitigation Techniques [Linux]

Last updated 3 years ago