Information About Shellcode
SHELLCODE EXECUTION STRATEGY

A shellcode may be used as an exploit payload, providing a cracker with command-line access to a computer system with the privileges of the process that has been exploited. To avoid detection by anti-intrusion measures and to store more than one string, crackers often make use of self-decrypting code, polymorphic code and alphanumeric code. Shellcodes can be stored in a process' memory space and subsequently executed as a result of the attacker gaining control of the , overwriting exception handlers and Windows-based shatter attacks.

SHELLCODE COMMUNICATION METHODS

There are two main methods of communicating with a compromised machine: a listening port that accepts connections, or a connect-back shell. The latter connects back to a predetermined address, whilst the former waits for any incoming connections. The main practical difference occurs at a firewall that is configured to block connection requests for ports that do not run an authorised service, whereas outward-bound connections may be assumed to be legitimate.

SHELLCODE MITIGATION STRATEGIES

There are several steps which can mitigate the threat of shellcode being executed on a system: configuration of a firewall, packet filtering, minimising the number of privileged services running on a machine, and intrusion detection systems (IDS).
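The firewall difference described under the communication methods, as an added example that is not part of the original page: a first-match packet-filter evaluator run over constructed flows, comparing an inbound-only policy with one that also filters egress. All addresses, ports, process names and rule sets are assumptions made for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional

class Flow(NamedTuple):
    direction: str  # "in": connection request to this host, "out": request leaving it
    process: str    # local process that owns the socket
    remote: str     # remote IP address
    port: int       # local port for "in", remote port for "out"

class Rule(NamedTuple):
    direction: str
    network: str          # remote CIDR the rule applies to
    port: Optional[int]   # None matches any port
    action: str           # "allow" or "block"

# Constructed policy: only ports running an authorised service accept connections.
INBOUND = [Rule("in", "0.0.0.0/0", 22, "allow"), Rule("in", "0.0.0.0/0", 443, "allow")]
# Weak policy: every outward-bound connection is assumed to be legitimate.
INBOUND_ONLY = INBOUND + [Rule("out", "0.0.0.0/0", None, "allow")]
# Corrected policy: egress limited to the internal resolver and proxy (assumed hosts).
WITH_EGRESS = INBOUND + [Rule("out", "10.0.0.53/32", 53, "allow"),
                         Rule("out", "10.0.0.8/32", 3128, "allow")]

def decide(rules, flow):
    """Return the action of the first matching rule; default deny."""
    addr = ipaddress.ip_address(flow.remote)
    for rule in rules:
        if (rule.direction == flow.direction
                and addr in ipaddress.ip_network(rule.network)
                and rule.port in (None, flow.port)):
            return rule.action
    return "block"

def blocked(rules, flows):
    """Flows the policy drops: the events an IDS should raise for review."""
    return [f for f in flows if decide(rules, f) == "block"]

# Constructed sample traffic (documentation address ranges).
FLOWS = [
    Flow("in", "sshd", "198.51.100.20", 22),     # authorised service
    Flow("in", "httpd", "198.51.100.20", 4444),  # listener on an unauthorised port
    Flow("out", "httpd", "203.0.113.7", 443),    # service process dialling out directly
    Flow("out", "httpd", "10.0.0.8", 3128),      # outbound through the proxy
]

if __name__ == "__main__":
    for name, rules in (("inbound-only", INBOUND_ONLY), ("with-egress", WITH_EGRESS)):
        for flow in FLOWS:
            print(f"{name:12} {decide(rules, flow):5} {flow}")
```

Under the inbound-only policy the direct outbound connection from the service process is allowed; with the egress rules it is dropped and appears in `blocked()` alongside the unauthorised listener.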