Author Topic: Where to put shellcode to be able to execute it?

Offline turtle13
Where to put shellcode to be able to execute it?
« on: June 04, 2018, 07:58:11 PM »
I would like to do a buffer overflow attack (an assignment for class) and I am exploiting an unbounded buffer. The buffer is 288 bytes and my shellcode is 118 bytes.

Where should I put my shellcode? Should I put it in memory after the return address and do an unconditional jump when the overflowed buffer reaches the return address into the stack, so that when it reaches ret (pop rip) the instruction in rip is the unconditional jmp instruction?

Offline debs3759
Re: Where to put shellcode to be able to execute it?
« Reply #1 on: June 05, 2018, 01:04:18 PM »
Do you mean you want help writing a virus?
My graphics card database: www.gpuzoo.com

Offline Frank Kotler
Re: Where to put shellcode to be able to execute it?
« Reply #2 on: June 05, 2018, 06:01:06 PM »
If I told you where to stick your shellcode, I'd have to ban myself from the Forum for bad language!

Seriously. I don't know the answer to that question. I try to avoid that... stuff... not write it. I understand you're taking a class. Presumably to defend against that... stuff... In my opinion, the fewer people who know how to do that... stuff... the better off we all are. I guess it's too late. Surely your class can tell you where to put it. Really not on-topic here.

Best,
Frank