Understanding Metasploit shellcode delivery
The shellcode that we've been generating with msfvenom
is ultimately machine code that tells the processor how to, for example, bind to a local port. Once we've gone through a primer on low-level concepts such as the stack and heap, virtual address space, and assembly, this description of shellcode is straightforward enough. The art of shellcoding is two key considerations: the target execution environment's quirks and the actual delivery of the shellcode into the execution environment. The first consideration includes things like endianness and shellcode-breaking characters; this analysis is the difference between 0x20
functioning just fine in shellcode and 0x20
being one of several characters that we have to work around. The second consideration includes scenarios just like what we covered with our heap spraying attack, where we needed to use the unescape()
function to parse out the bytes. Delivery of shellcode has to consider the potential for...