A shellcode is a small piece of executable code used as a payload, built to exploit vulnerabilities in a system or carry out malicious commands. The name comes from the fact that the shellcode usually starts a command shell which allows the attacker to control the compromised machine.
Shellcodes can be crafted to take advantage of specific software vulnerabilities, allowing attackers to bypass security measures and gain control over a compromised system. They are also used in cybersecurity fields like penetration testing.
Examples of shellcodes
- Reverse shell shellcode establishes a connection between the compromised system and an attacker-controlled system, letting the attacker access the compromised machine remotely.
- Bind shell shellcode sets up a network on the compromised system in order to establish the connection with the attacker, so they can gain control over the targeted system.
- File download shellcode exploits a vulnerability to download and execute a malicious file from a remote server onto the compromised system.
- Meterpreter shellcode. It is a popular shellcode framework used in penetration testing that allows testers file system manipulation, process manipulation, network exploration, and privilege escalation.
- Shellcode for local privilege escalation. This type of shellcode exploits vulnerabilities in an operating system to elevate the privileges of the attacker, allowing them to gain administrative or root access.