Anatomy of Exploit – World of Shellcode Part 1

The content has been created by floriano, who reserves all rights.

Introduction On Exploits

Nowadays the word exploit is becoming frightening, and the thousands of people working in the IT field should (it is a must) know how to make an exploit, or at least how to defend against exploits. Out there are hundreds of exploits published on several websites like, etc. Exploitation means using a program routine or a 0day attack to own the OS or to crash the program. Exploiting a program is a clever way of getting the computer to do what you want it to, even if the currently running program was designed to prevent those actions; it can only do what it has been programmed to do. To get rid of exploits you should learn assembly language, as it is the language which can talk directly to the kernel, and C, C++, Perl and Python, from which we can reach the kernel through system calls. For me those languages are enough, but since computers keep evolving you should not stop learning other programming languages.
In this paper I won't publish any exploit; instead I will explain how one is made and why it is important, and clear up some misunderstandings in our minds, so that when we read a source code we do not become confused. Someone on IRC asked me how many types of exploit there are. In reality there are too many types of exploits, but I will mention the most important exploits that are used today.

Remote exploits

Exploits can be developed on almost any operating system, but the most comfortable OSes today are Linux and Windows. I don't know much about Windows, because there we need to install tools like Microsoft Visual C++, Python 2.7 or Perl and use them from CMD. On Linux, gcc, as and ld are the default GNU compiler, assembler and linker.
On Linux you should have learnt sockets, so you can write a routine and get the work done. We also have the shell, which is very important when programming an exploit. But in this section the purpose is understanding remote exploits and building the basics of one.
Getting rid of the vulnerability of the program or system you want means getting privileges on that system. Here we enter the art of fuzzing, in which we send many characters to overflow or flood the program and crash it. But how do we know the address of eip, so that we can exploit it the ret2eip way (ret2eip = return to the address of eip)? I am explaining the steps:

[Step One]

Before you develop any exploit, you need to determine whether a vulnerability exists in the application. This is where the art of fuzzing comes into play.

Since it is remote, we can't know the address of the register in which we crashed the program.

This step is about getting a good fuzzer like Spike or Metasploit. When the fuzzer stops, all we get is the length of the characters.

[Step Two]

Get to work with the fuzzer. Practice it. Run it. In this step we ran the fuzzer, and all we got was the length of the characters; but to exploit a program we need eip.

Length(X1h21hsdpgm234jlasn356kklasdn432210ifaslkj4120sd ……………..) etc. We only have the length.

[Step Three]

We download the program onto our own system and test it with the fuzzer. As the target runs, we launch a debugger like OllyDbg and watch what happens when the fuzzing starts. The program will be overflowed and eip will appear on the red line. Here we have what we wanted: we have eip. Now what?

[Step Four]

Prepare the shellcode. What is shellcode? Shellcode is written in assembly language, with instructions that obtain a shell through system calls like execve or execl.
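As an added example (not code from the original article), here is the length-stepping loop that Step One and Step Two describe, the kind of harness a developer can run against their own service to find the input size at which it falls over. The remote target is replaced by a constructed stand-in (send_request, BUFFER_SIZE) that raises where a real process would die and drop the connection; everything runs offline.

```python
# Constructed stand-in for the service under test: it behaves like a copy
# into a fixed-size buffer and "crashes" (raises) once the request exceeds it.
BUFFER_SIZE = 512  # constructed value, not taken from any real program


class TargetCrashed(Exception):
    """Stands in for the remote process dying (connection reset)."""


def send_request(payload: bytes) -> bytes:
    """Stand-in for sending one request over the network (assumption)."""
    if len(payload) > BUFFER_SIZE:
        raise TargetCrashed(f"overflow with {len(payload)} bytes")
    return b"OK"


def fuzz_lengths(send, start=100, step=100, limit=10000):
    """Send payloads of growing length until the target crashes.

    Returns (last_good_length, crash_length), or None if nothing crashed.
    This is all a remote fuzzer learns: a length, never the register contents.
    """
    last_good = 0
    for length in range(start, limit + 1, step):
        try:
            send(b"A" * length)
            last_good = length
        except TargetCrashed:
            return last_good, length
    return None


def narrow_crash_length(send, last_good, crash_length):
    """Bisect between the last surviving and the first crashing length, so the
    exact boundary can be reproduced later on a local copy under a debugger."""
    lo, hi = last_good, crash_length
    while hi - lo > 1:
        mid = (lo + hi) // 2
        try:
            send(b"A" * mid)
            lo = mid          # still alive: boundary is above mid
        except TargetCrashed:
            hi = mid          # crashed: boundary is at or below mid
    return hi                 # smallest length that crashes the target


if __name__ == "__main__":
    coarse = fuzz_lengths(send_request)
    print("coarse result (last good, first crash):", coarse)
    if coarse:
        print("smallest crashing length:", narrow_crash_length(send_request, *coarse))
```

For a real service the same loop applies with send() replaced by a socket send plus a liveness check; the stand-in only makes the boundary (513 bytes here) reproducible offline.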
To be Continued……..
Ehacking Staff