Anatomy of Exploit – World of Shellcode Part 1

This content was created by floriano, who reserves all rights.

Introduction On Exploits

Nowadays the word "exploit" has become a frightening one. Thousands of people who work in IT should (in fact, must) know how to write an exploit, or at least how to defend against exploits. Hundreds of exploits are published on websites such as exploit-db.com, secunia.com, 1337day.com, etc. Exploitation means using a program routine or a 0day attack to own the OS or crash the program. Exploiting a program is a clever way of getting the computer to do what you want it to, even if the currently running program was designed to prevent those actions. It can do only what you have programmed it to do. To get to grips with exploits you should learn assembly language, as it is the language which can talk directly to the kernel, and C, C++, Perl and Python, from which we can call the kernel through system calls. For me those languages are enough, but since computers keep evolving you should not stop learning other programming languages.
In this paper I won't publish any exploit. Instead I will explain how one is made and why it matters, and clear up some misunderstandings, so that we are not confused when we read source code. Someone on IRC asked me how many types of exploit there are. In reality there are many types, but I will mention the most important ones in use today.

Remote exploits

Exploits can be developed on almost any operating system, but the most comfortable ones today are Linux and Windows. I can't say much about Windows, because there we need to install tools like Microsoft Visual C++, Python 2.7 or Perl and use them from CMD. On Linux, gcc, as and ld are the default GNU toolchain.
On Linux you should have learnt sockets to build a routine and get the work done. The shell is also very important when programming an exploit. In this section, though, the purpose is to understand remote exploits and lay out the basics of creating one.
First you need to get hold of the vulnerability in the program or system on which you want to gain privileges. This brings us to the art of fuzzing, in which we send many characters to overflow or flood the program and crash it. But how do we know the address in eip, so that we can exploit it the ret2eip way (ret2eip = Return the Address of eip)? I will explain the steps:

[Step One]

Before you develop any exploit, you need to determine whether a vulnerability exists in the application. This is where the art of fuzzing comes into play.

Since the target is remote, we can't know the address in the register at the point where we crashed the program.

This step is about getting a good fuzzer like Spike and Metasploit. When the fuzzer stops, all we get is the length of the characters.

[Step Two]

Get to work with the fuzzer. Practice it. Run it. In this step we ran the fuzzer, and all we got was the length of the characters, but to exploit a program we need eip.

Length(X1h21hsdpgm234jlasn356kklasdn432210ifaslkj4120sd ……………..) etc. We only have the length.

[Step Three]

We download the program onto our own system and test it with the fuzzer. With the target running on our system, we launch a debugger like OllyDbg and watch what happens when the fuzzing starts. The program will overflow and eip will be shown on a red line. Here we have what we wanted: we got eip. Now what?

[Step Four]

Prepare the shellcode. What is shellcode? Shellcode is written in assembly language, with instructions to get a shell through system calls like execve or execl.
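The crash that Steps One to Three locate comes from a copy into a fixed-size buffer with no length check. The C code below is an added example, not the author's code, that puts that pattern beside a bounds-checked form and measures the length at which the checked form starts rejecting input; `NAME_BUF_SIZE`, `handle_name_unsafe`, `handle_name_safe` and `first_rejected_length` are hypothetical names, and the 64-byte buffer is a constructed value.

```c
#include <stdio.h>
#include <string.h>

#define NAME_BUF_SIZE 64   /* constructed buffer size for this example */

/* Vulnerable pattern, shown for contrast and never called here: the copy
 * trusts the sender, so input of 64 bytes or more writes past name[] and
 * over whatever the stack holds next, including the saved return address. */
void handle_name_unsafe(const char *input)
{
    char name[NAME_BUF_SIZE];
    strcpy(name, input);
    printf("hello %s\n", name);
}

/* Hardened form: the caller passes the received length, and anything that
 * does not fit (terminator included) is rejected instead of truncated. */
int handle_name_safe(const char *input, size_t input_len,
                     char *out, size_t out_size)
{
    if (input == NULL || out == NULL || out_size == 0)
        return -1;
    if (input_len >= out_size)
        return -1;
    memcpy(out, input, input_len);
    out[input_len] = '\0';
    return 0;
}

/* Defender's view of the fuzzing step: feed growing runs of 'A' to the
 * hardened handler and return the first length it rejects (0 if none). */
size_t first_rejected_length(size_t max_len)
{
    char input[512], out[NAME_BUF_SIZE];
    if (max_len > sizeof input)
        max_len = sizeof input;
    memset(input, 'A', sizeof input);
    for (size_t len = 0; len <= max_len; len++)
        if (handle_name_safe(input, len, out, sizeof out) != 0)
            return len;
    return 0;
}

int main(void)
{
    printf("first rejected length: %zu\n", first_rejected_length(200));
    return 0;
}
```

A length-sweep like `first_rejected_length` works as a regression test: if the reported boundary ever moves past the buffer size, the bounds check has been broken.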
To be continued…