Compiling shellcode


  • Compiling shellcode

    Most of you probably know I have more of a CS background than an infosec background, but I likes myself some infosec too.

    My friends enjoy writing shellcode by hand, and as a compsci person I'm just like "Why do by hand that which a program can generate for you?"

    I'm developing my own programming language for what's fundamentally a register-based virtual machine, so I'm curious why shellcode need be generated by hand, not compiled.

    And I'm also interested in LLVM, and found this paper detailing Turing machine emulation using return-into-libc attacks.

    So I'm curious: why hand-write your shellcode when it could be compiled?
    45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B0
    45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B1
    [ redacted ]

  • #2
    Re: Compiling shellcode

    Mainly because there is a beauty in writing the shortest shell code possible for the given program that you are attacking. That is the reason I do it.



    • #3
      Re: Compiling shellcode

      Originally posted by bascule
      Most of you probably know I have more of a CS background than an infosec background, but I likes myself some infosec too.

      My friends enjoy writing shellcode by hand, and as a compsci person I'm just like "Why do by hand that which a program can generate for you?"

      I'm developing my own programming language for what's fundamentally a register-based virtual machine, so I'm curious why shellcode need be generated by hand, not compiled.

      And I'm also interested in LLVM, and found this paper detailing Turing machine emulation using return-into-libc attacks.

      So I'm curious: why hand-write your shellcode when it could be compiled?
      It doesn't NEED to be hand-written. As ox58 properly points out, it's not just an ego thing; sometimes human ingenuity and aha moments can do more for you than the machine, thus, hand writing code. I personally prefer tools like Metasploit; I have an option of creating my own exploits within a framework. YMMV. But then you know I love your geeky CS soul. :-)

      Regards,

      valkyrie
      __________________________________________________ ______________________
      sapere aude
      Last edited by valkyrie; December 22, 2008, 02:39. Reason: Improper quote
