The typical solution is to combine the encoded shellcode with a small decoding loop that executes first to decode our actual payload and then, once our shellcode has been decoded, transfers control to the newly decoded bytes. This process is shown in Figure 9-7.

When you plan and execute your exploit to take control of the vulnerable application, you must remember to transfer control to the decoding loop, which will in turn transfer control to your actual shellcode once the decoding operation is complete. It should be noted that the decoder itself must also adhere to the same input restrictions as the remainder of our buffer. Thus, if our buffer must contain nothing but alphanumeric characters, we must find a decoder loop that can be written using machine language bytes that also happen to be alphanumeric values. The next chapter presents more detailed information about the specifics of encoding and about the use of the Metasploit Framework to automate the encoding process.
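The two-stage layout described above (decoder stub first, encoded payload after it, both subject to the same input filter) can be modelled in a few lines. The following is an added example, not code from the book: it uses a single-byte XOR scheme as one possible encoding, a constructed set of forbidden byte values as the input restriction, a constructed placeholder payload in place of real shellcode, and a labelled placeholder byte string standing in for the machine-code decoder loop. The point it shows is the check the text calls out: the decoder stub (which carries the key) must pass the same restriction as the encoded payload, and a key is only usable if it makes both halves of the buffer pass.

```python
"""Model of an encoder/decoder pair that must satisfy an input restriction.

Added example; XOR scheme, forbidden-byte set, payload and decoder placeholder
are all assumptions constructed for illustration, not the book's own code.
"""

# Constructed input restriction: bytes the vulnerable input path will not accept.
BAD_BYTES = {0x00, 0x0A, 0x0D}

# Constructed stand-in for real shellcode; it deliberately contains forbidden bytes.
SAMPLE_PAYLOAD = b"constructed\x00payload\n\r"


def satisfies_restriction(buf: bytes, bad: set) -> bool:
    """True if no byte of buf is in the forbidden set."""
    return not any(b in bad for b in buf)


def xor_encode(payload: bytes, key: int) -> bytes:
    """Single-byte XOR encoding (assumed scheme)."""
    return bytes(b ^ key for b in payload)


def xor_decode(encoded: bytes, key: int) -> bytes:
    """XOR is its own inverse, so decoding is the same operation."""
    return bytes(b ^ key for b in encoded)


def decoder_stub(key: int) -> bytes:
    """Placeholder for the decoder loop. Real decoders are machine code; this
    example only models the fact that the stub embeds the key and therefore
    falls under the same input restriction as the payload."""
    return b"DECODER-STUB-PLACEHOLDER:" + bytes([key])


def find_key(payload: bytes, bad: set) -> int:
    """Return the first XOR key for which both the encoded payload and the
    decoder stub carrying that key avoid every forbidden byte."""
    for key in range(1, 256):
        if not satisfies_restriction(decoder_stub(key), bad):
            continue  # the key lives inside the stub, so it is constrained too
        if satisfies_restriction(xor_encode(payload, key), bad):
            return key
    raise ValueError("no single-byte XOR key satisfies the restriction")


def build_buffer(payload: bytes, bad: set) -> tuple[bytes, int, int]:
    """Assemble stub + encoded payload; return (buffer, key, stub_length)."""
    key = find_key(payload, bad)
    stub = decoder_stub(key)
    buf = stub + xor_encode(payload, key)
    assert satisfies_restriction(buf, bad)
    return buf, key, len(stub)


def simulate_decode(buf: bytes, key: int, stub_len: int) -> bytes:
    """Model of what the decoder loop does at run time: walk the bytes after
    the stub and restore the original payload before control is transferred."""
    return xor_decode(buf[stub_len:], key)


if __name__ == "__main__":
    buf, key, stub_len = build_buffer(SAMPLE_PAYLOAD, BAD_BYTES)
    print(f"key=0x{key:02x} buffer_len={len(buf)} passes_filter={satisfies_restriction(buf, BAD_BYTES)}")
    print("round trip ok:", simulate_decode(buf, key, stub_len) == SAMPLE_PAYLOAD)
```

The same structure applies to any other restriction (alphanumeric-only, for instance) by changing what `satisfies_restriction` accepts; a single-byte XOR key will not always exist for a tight filter, which is exactly why the next chapter's encoders and Metasploit's automation become necessary.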
Self-Corrupting Shellcode
A very important thing to understand about shellcode is that, like any other code, it requires storage space while executing. This storage space may simply be variable storage, as in any other program, or it may be a result of placing parameter values onto the stack prior to calling a function.