Multistage Shellcode
In some cases, as a result of the nature of a vulnerability, the space available for the
attacker to inject shellcode into a vulnerable application may be limited to such a degree
that it is not possible to utilize some of the more common types of payloads. In cases
such as these, it may be possible to make use of a multistage process for uploading
shellcode to the target computer. Multistage payloads generally consist of two or more
stages of shellcode with the sole purpose of the first (and possibly later) stage being to
read more shellcode, then pass control to the newly read-in second stage, which will
hopefully contain sufficient functionality to carry out the majority of the work.
System Call Proxy Shellcode
While the ability to obtain a shell as a result of an exploit may sound like an attractive
idea, it may also be a risky one if it is your goal to remain undetected throughout your
attack. Launching new processes, creating new network connections, and creating new
files are all actions that are easily detected by security-conscious system administrators.
As a result, payloads that do none of the above, yet provide the attacker with a full set of
capabilities for controlling a target, were developed.
Gray Hat Hacking: The Ethical Hacker's Handbook