ASU CSE 466

Module: Shellcode Injection

Shellcoding is the art of injecting code into a program, during exploitation, to get it to carry out actions desired by the attacker [1].

Slides

The slides for this module are:

Practice

Again, you will practice on a set of generated challenges. There is a /flag file, and you get to choose one binary on which the SUID flag will be set. The binaries that you are allowed to choose are all under the /pwn directory.

Each program takes user input on stdin and will filter and execute your shellcode. If your shellcode successfully runs, you can use it to read the /flag file.

Resources

Useful resources: