January 10, 2008 at 6:02 am #1961 JJJHS13 (Participant)
Sorry, I didn’t really know where to put this question. I want to write my own shell but I have no clue where to start or which programming languages to learn. I’ve been trying to get articles from Packet Storm but they mainly just have exploits. I found a couple of articles searching the web and only got tips on securing shells, but I can’t find a decent one on how to write my own. If you could give me a starting point it would be much appreciated.
January 10, 2008 at 2:23 pm #15370 Anonymous (Participant)
You might want to learn to walk before you start running with scissors in your hand. But if you’re looking to learn about exploits and shellcode then looking at existing exploits is not a bad place to start.
Developing exploit code is not really dependent on a specific language; you can write an exploit in Perl, Python, C or Assembly, for example. Shellcode is generally written in C and converted to ASM in order to reduce the size of the payload. If you look at one of the exploits on Milw0rm.com you will see the payload represented by something like the following:
char code[] = "\x31\xc0\xb0\x46\x31\xdb\x31\xc9\xcd\x80\xeb";
This is the hex representation of the bytecode. This shellcode is for a bind shell on a Linux platform. It makes a call to execve() in order to spawn a shell using /bin/sh. Gotta love “int 0x80”!
Obviously, writing shellcode for each OS platform is different and requires a different approach.
There are some excellent books on the subject as well such as:
Sockets, Shellcode, Porting and Coding by James Foster
As for Google: try “writing shellcode” <– got me hundreds of hits.
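For readers reviewing exploit source of the kind described in the post above, the following is an added example (not part of the original thread) that decodes `\xNN` byte strings found in source text and reports where the `int 0x80` opcode pair (`cd 80`) occurs. The function names and the sample text are assumptions made for this illustration; the sample reuses the fragment quoted in the post with its backslash escapes written out.

```python
import re

# A run of C-style \xNN escapes, as found in string literals in exploit source.
HEX_RUN = re.compile(r'(?:\\x[0-9a-fA-F]{2})+')
INT_80 = b"\xcd\x80"  # x86 encoding of `int 0x80`, the legacy Linux syscall gate


def extract_byte_runs(source_text, min_len=4):
    """Decode every \\xNN run of at least min_len bytes into a bytes object."""
    runs = []
    for match in HEX_RUN.finditer(source_text):
        data = bytes.fromhex(match.group(0).replace("\\x", ""))
        if len(data) >= min_len:
            runs.append(data)
    return runs


def int80_offsets(data):
    """Return every offset at which the two-byte sequence cd 80 starts."""
    offsets = []
    pos = data.find(INT_80)
    while pos != -1:
        offsets.append(pos)
        pos = data.find(INT_80, pos + 1)
    return offsets


def triage(source_text):
    """Summarise each embedded byte run for an analyst reading the source."""
    return [
        {
            "length": len(data),
            "hex": " ".join(f"{b:02x}" for b in data),
            "int80_offsets": int80_offsets(data),
        }
        for data in extract_byte_runs(source_text)
    ]


# Constructed sample: the fragment from the post plus a short, unrelated
# escape sequence (CR LF) that falls under min_len and is ignored.
SAMPLE = r'''
char code[] = "\x31\xc0\xb0\x46\x31\xdb\x31\xc9\xcd\x80\xeb";
char nl[] = "\x0d\x0a";
'''

if __name__ == "__main__":
    for entry in triage(SAMPLE):
        print(entry)
```

The offsets only mark byte matches; `cd 80` can also appear inside an operand, so a disassembler is still needed to confirm each hit is an instruction.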
January 11, 2008 at 4:58 am #15371 JJJHS13 (Participant)
Hey, thanks man.
January 11, 2008 at 5:51 pm #15372 Clay Briggs (Participant)
I picked up a shell code hack book earlier this year, and after the first chapter I realized that without a solid knowledge of C and assembly language I was wasting my time even reading it. It’s on my shelf until next year or so. Running with scissors is an understatement.
January 15, 2008 at 10:42 am #15373 dannioni (Participant)
I’ve got Gray Hat Hacking this week. I haven’t read all of it, but from the Table of Contents I’d say this is just the book you’re looking for. Of course prior experience with C/C++/ASM is helpful, but you can get by without it, at least with this book.
January 15, 2008 at 6:01 pm #15374 Don Donzal (Keymaster)
If anyone wants to check out the entire chapter in Gray Hat Hacking that introduces you to coding, it’s right here on EH-Net:
Hope this helps,