Starting to Write Your Own Shellcode
4 Pages Posted:
Date Written: August 24, 2011
We have seen more and more people become reliant on tools such as Metasploit in the last decade. This facility to use these tools has empowered many and has created a rise in the numbers of people who can research software vulnerabilities. It has created more security professionals who cannot only scan a target for vulnerabilities using a tool such as Nessus, but who can complete tests involving system exploitations and hence validate the results presented to them by a scanner. But, this ends when a new application with unexpected calls or controls is found. What do we do when presented with a special case? Here we have to again return to the old art of crafting shellcode. At some stage, if we are to be more than white hat script kiddies and want to come to actually understand the application we need to learn how to craft our own custom shellcode. In this article, we start to explain the process used to do this.
Suggested Citation: Suggested Citation