Executable and Linking Format (ELF) fundamentals
Before we dig into the various shellcode techniques, let's take some time to understand executable files on Linux. ELF is the standard executable file format on Linux and Unix-like systems. An ELF file consists of a header and a data field, and you can inspect both with the readelf command on any executable. For example, let's run it against the nslookup program with the command readelf -a /bin/nslookup.
I am using the -a option, which prints all the relevant information: the file header, program headers, sections, symbols, and more. The following screenshot shows just the ELF header portion of that output.
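To make the header fields concrete, here is an added example (written for this text, not code from the book or from the readelf tool) that decodes the same ELF header readelf prints, in Python. It parses a constructed 64-byte ELF64 header whose field values (entry point 0x401000, three program headers, ten section headers, and so on) are made up for the demo; the field names and layout are the standard ones from the ELF specification. Pass a file path on the command line to run it on a real binary such as /bin/nslookup instead of the sample.

```python
import struct
import sys

# Constructed for this example: a minimal 64-byte ELF64 header, not taken from any real binary.
ELF_MAGIC = b"\x7fELF"
ELF64_FMT = "HHIQQQIHHHHHH"   # fields after the 16-byte e_ident, ELF64 layout
ELF32_FMT = "HHIIIIIHHHHHH"   # same fields, ELF32 layout (32-bit entry and offsets)
FIELD_NAMES = ("e_type", "e_machine", "e_version", "e_entry", "e_phoff", "e_shoff",
               "e_flags", "e_ehsize", "e_phentsize", "e_phnum", "e_shentsize",
               "e_shnum", "e_shstrndx")
E_TYPE = {0: "NONE", 1: "REL (relocatable)", 2: "EXEC (executable)",
          3: "DYN (shared object or PIE)", 4: "CORE"}
E_MACHINE = {3: "Intel 80386", 40: "ARM", 62: "x86-64", 183: "AArch64"}

SAMPLE_ELF64 = (
    ELF_MAGIC
    + bytes([2, 1, 1, 0])   # EI_CLASS=ELF64, EI_DATA=little-endian, EI_VERSION=1, EI_OSABI=System V
    + bytes(8)              # EI_ABIVERSION and padding
    # e_type=EXEC, e_machine=x86-64, version, entry, phoff, shoff, flags,
    # ehsize, phentsize, phnum, shentsize, shnum, shstrndx (all constructed values)
    + struct.pack("<" + ELF64_FMT, 2, 62, 1, 0x401000, 64, 0x2000, 0, 64, 56, 3, 64, 10, 9)
)


def is_elf(data: bytes) -> bool:
    """True if the data starts with the ELF magic number."""
    return len(data) >= 4 and data[:4] == ELF_MAGIC


def parse_elf_header(data: bytes) -> dict:
    """Decode the ELF file header into a dict of named fields.

    Raises ValueError for anything that is not a well-formed ELF header, which is
    the first thing an analyst wants to know about an unknown file.
    """
    if not is_elf(data):
        raise ValueError("not an ELF file (bad magic)")
    ei_class, ei_data = data[4], data[5]
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        raise ValueError("unsupported EI_CLASS or EI_DATA value")
    endian = "<" if ei_data == 1 else ">"
    fmt = endian + (ELF64_FMT if ei_class == 2 else ELF32_FMT)
    size = 16 + struct.calcsize(fmt)   # 64 bytes for ELF64, 52 for ELF32
    if len(data) < size:
        raise ValueError("truncated ELF header")
    hdr = dict(zip(FIELD_NAMES, struct.unpack(fmt, data[16:size])))
    hdr["class"] = "ELF64" if ei_class == 2 else "ELF32"
    hdr["data"] = "little-endian" if ei_data == 1 else "big-endian"
    hdr["type_name"] = E_TYPE.get(hdr["e_type"], "unknown (%d)" % hdr["e_type"])
    hdr["machine_name"] = E_MACHINE.get(hdr["e_machine"], "unknown (%d)" % hdr["e_machine"])
    return hdr


def header_warnings(hdr: dict, file_size: int) -> list:
    """Cheap consistency checks: the loader trusts these fields, a triage tool should not."""
    warnings = []
    expected = 64 if hdr["class"] == "ELF64" else 52
    if hdr["e_ehsize"] != expected:
        warnings.append("e_ehsize %d does not match %s header size %d"
                        % (hdr["e_ehsize"], hdr["class"], expected))
    if hdr["e_phnum"] and hdr["e_phoff"] + hdr["e_phnum"] * hdr["e_phentsize"] > file_size:
        warnings.append("program header table extends past end of file")
    if hdr["e_shnum"] and hdr["e_shoff"] + hdr["e_shnum"] * hdr["e_shentsize"] > file_size:
        warnings.append("section header table extends past end of file")
    return warnings


def describe(hdr: dict) -> str:
    """readelf -h style summary of the decoded header."""
    return "\n".join([
        "Class:                 %s (%s)" % (hdr["class"], hdr["data"]),
        "Type:                  %s" % hdr["type_name"],
        "Machine:               %s" % hdr["machine_name"],
        "Entry point address:   0x%x" % hdr["e_entry"],
        "Program headers:       %d entries at offset %d" % (hdr["e_phnum"], hdr["e_phoff"]),
        "Section headers:       %d entries at offset %d" % (hdr["e_shnum"], hdr["e_shoff"]),
    ])


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            data = f.read()
    else:
        data = SAMPLE_ELF64
    header = parse_elf_header(data)
    print(describe(header))
    for w in header_warnings(header, len(data)):
        print("WARNING:", w)
```

Run without arguments and the script prints the decoded sample header followed by two warnings, because the constructed sample is only a bare header: its program and section header tables point past the end of the 64 bytes that exist. That is deliberate; a header whose tables lie outside the file is exactly the kind of inconsistency worth flagging when you triage an unknown binary, since the kernel loader and tools like readelf take these offsets at face value.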
The ELF header contains important information used by the operating system (OS): it tells the OS how to handle the file. Let's analyze some of these fields:
...