Hi JJJHS13,

You might want to learn to walk before you start running with scissors in your hand. But if you're looking to learn about exploits and shellcode then looking at existing exploits is not a bad place to start.

Developing exploit code is not really dependent on a specific language you can write an exploit in perl, python, C or Assembly for example. Shellcode is generally written in C and converted to ASM in order to reduce the size of the payload. If you look at one of the exploits on Milw0rm.com you will see the payload represented by something like the following:

char code[] = "\x31\xc0\xb0\x46\x31\xdb\x31\xc9\xcd\x80\xeb"\
         "\x16\x5b\x31\xc0\x88\x43\x07\x89\x5b\x08\x89"\
         "\x43\x0c\xb0\x0b\x8d\x4b\x08\x8d\x53\x0c\xcd"\
         "\x80\xe8\xe5\xff\xff\xff\x2f\x62\x69\x6e\x2f"\
         "\x73\x68\x58\x41\x41\x41\x41\x42\x42\x42\x42";

This is the hex representation of the bytecode. This shellcode is for a bind shell on a linux platform. It makes a call to execve() in order to spawn a shell using /bin/sh. Gotta love "int 0x80"!

Obviously, writing shellcode for each OS platform is different and requires a different approach.

There are some excellent books on the subject as well such as:

Sockets, Shellcode, Porting and Coding by James Foster

As for Google: try "writing shellcode" <-- got me hundreds of hits.

dean

I picked up a shell code hack book earlier this year.. and after the first chapter I realized without a solid knowledge of C and assembly language.. I was wasting my time even reading it.  It's on my shelf until next year or so.  Running with scissors is an understatement.

If anyone wants to check out the entire chapter in Grey Hat Hacking that introduces you to coding, it's right here on EH-Net:

Grey Hat Hacking - Chapter 7: Programming Survival Skills

Hope this helps,
Don