Skape's
paper, "Understanding Windows's Shellcode," picks up where the LSoD paper leaves off,
covering many additional topics as well. Many of the Metasploit payloads for Windows
utilize techniques covered in Skape's paper.
Gray Hat Hacking: The Ethical Hacker??™s Handbook
196
Basic Shellcode
Given that we can inject our own code into a process, the next big question is "what code
do we wish to run?" Certainly, having the full power that a shell offers would be a nice first
step. It would be nice if we did not have to write our own version of a shell (in assembly
language, no less) just to upload it to a target computer that probably already has a shell
installed. With that in mind, the technique that has become more or less standard typically
involves writing assembly code that launches a new shell process on the target computer
and causes that process to take input from and send output to the attacker. The
easiest piece of this puzzle to understand turns out to be launching a new shell process,
which can be accomplished through use of the execve system call on Unix-like systems
and via the CreateProcess function call on Microsoft Windows systems. The more complex
aspect is understanding where the new shell process receives its input and where it
sends its output.