Shellcode, Assembler & Machine Code.

In computer security, a shellcode is a small piece of code used as the 'payload' in the exploitation of a software vulnerability.

It is called 'shellcode' because it typically starts a command shell from which the attacker can control the compromised machine, but any piece of code that performs a similar task can be called shellcode.

Modern 'Intrusion Detection Systems' (IDS) have means of detecting common shellcodes being passed to a defended machine. But such code can be disguised.

Shellcode is (perhaps always) an assembler program that has been translated into its encoded, machine-code form.

Assembler programs use mnemonics and macros. Assemblers are tools for humans: they make code easier to write than staring at a strange language (strings of binary numbers, for example).


[image: shellcode_casm.png]

The code is slightly different after compilation and disassembly, probably optimized for a specific computer system. It is equivalent: it still does its job of spawning a command shell. Perhaps there is a difference between the 'xor' and 'xorl' instructions (many things can be affected, from flags to the speed of such an instruction). Or it is just different notation, different mnemonics for the same processor instructions.


(x86 assembler program, AT&T syntax; run and analyzed):

  # clear eax: a zero value reused below as the string terminator and as NULL
  xorl %eax,%eax

  # push "/bin//sh" plus its zero terminator; the last dword is pushed first,
  # because the stack grows towards lower addresses
  pushl %eax
  pushl $0x68732f2f          # "//sh"
  pushl $0x6e69622f          # "/bin"

  # ebx = pointer to the string on the stack (first argument of execve)
  movl %esp,%ebx

  # build argv on the stack: { pointer to "/bin//sh", NULL }
  pushl %eax
  pushl %ebx

  # ecx = argv (second argument), edx = envp = NULL (third argument)
  movl %esp,%ecx
  xorl %edx,%edx

  # system call number 11 (execve) in al, then enter the kernel
  movb $0xb,%al
  int $0x80


can be encoded as the following string of hexadecimal byte values:

31 c0 50 68 2f 2f 73 68 68 2f 62 69 6e 89 e3 50 53 89 e1 31 d2 b0 0b cd 80
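As an added example (not part of the original post), a small Python decoder that walks the 25 bytes above back to the AT&T mnemonics and recovers the string the two immediates build on the stack. It handles only the six opcode forms this particular shellcode uses and is not a general x86 disassembler.

```python
import struct

# Constructed input: the 25-byte string from the post, as shown above.
SHELLCODE = bytes.fromhex(
    "31 c0 50 68 2f 2f 73 68 68 2f 62 69 6e 89 e3 50 53 89 e1 31 d2 b0 0b cd 80")

R32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]
R8 = ["al", "cl", "dl", "bl", "ah", "ch", "dh", "bh"]

def modrm_regs(b):
    """Split a register-direct ModRM byte (mod == 11) into (reg, rm) names."""
    if b >> 6 != 0b11:
        raise ValueError(f"ModRM 0x{b:02x}: only register-direct forms supported")
    return R32[(b >> 3) & 7], R32[b & 7]

def disassemble(code):
    """Return [(offset, AT&T text)] for the six opcode forms this shellcode uses."""
    out, i = [], 0
    while i < len(code):
        op = code[i]
        if op in (0x31, 0x89):             # xor / mov r/m32, r32: ModRM byte follows
            reg, rm = modrm_regs(code[i + 1])
            out.append((i, f"{'xorl' if op == 0x31 else 'movl'} %{reg},%{rm}"))
            i += 2
        elif 0x50 <= op <= 0x57:           # push r32: register in the low 3 opcode bits
            out.append((i, f"pushl %{R32[op - 0x50]}"))
            i += 1
        elif op == 0x68:                   # push imm32: 4-byte little-endian immediate
            imm, = struct.unpack_from("<I", code, i + 1)
            out.append((i, f"pushl $0x{imm:x}"))
            i += 5
        elif 0xB0 <= op <= 0xB7:           # mov r8, imm8 (b0 0b = movb $0xb,%al)
            out.append((i, f"movb $0x{code[i + 1]:x},%{R8[op - 0xB0]}"))
            i += 2
        elif op == 0xCD:                   # int imm8
            out.append((i, f"int $0x{code[i + 1]:x}"))
            i += 2
        else:
            raise ValueError(f"unsupported opcode 0x{op:02x} at offset {i}")
    return out

def pushed_string(code):
    """Rebuild the string assembled by consecutive pushl $imm32 instructions."""
    # Each push stores its 4 bytes below the previous one (the stack grows down),
    # so the immediates are joined in reverse instruction order. Going through the
    # decoder matters: byte 0x68 is both the push opcode and the 'h' of "sh".
    imms = [int(t.split("$")[1], 16) for _, t in disassemble(code) if t.startswith("pushl $")]
    return b"".join(struct.pack("<I", v) for v in reversed(imms))
```

Running `disassemble(SHELLCODE)` yields the eleven instructions of the listing above, and `pushed_string(SHELLCODE)` returns `b'/bin//sh'`.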

'Perhaps' there are machines that can use this hexadecimal string directly as the language that programs them, as machine code that executes on them without translation or compilation.

Virtual or not.

If not, then perhaps they can be realized...

I do not see technical difficulties with this, for there are programmable processors, for example...

Even if my knowledge of hardware is limited, from a programmer's viewpoint any device can be programmed.

Thus, machine code is even closer to the hardware (lower-level) than assembler code, which for example uses macros, and is compiled to machine-dependent machine code.

Source: Wikipedia.

See also, if you wish or need: 'Buffer Overflow' Hacking Attack.

Shell-storm (one of the shellcode databases).

(Shellcode is small in size, thus easy to analyze. It is better to reuse someone's work this way than to create it anew, because a programmer's time also costs.)
