Introducing shellcoding
If you played around with the last example in the previous section, you should have seen that execution tried to jump to 0xdeadbeef
. (We used deadbeef
because it's one of the few things you can say with hexadecimal characters. Besides, doesn't it look like some sort of scary hacker moniker?) The point of this is to demonstrate that, by choosing input carefully, you are able to control the return address. This means we can also pass shellcode as an argument and pad it to just the right size necessary to concatenate a return address to a payload, which will then return and result in its execution. This is essentially the heart of the stack overflow attack. However, as you can imagine, the return needs to point to a nice spot in memory. Before we tackle that, let's get our hands on some bytes slightly more exciting than deadbeef
.
Instead of generating the payload and passing it to some file that will be input to Metasploit or Shellter, we actually want to get our hands...