Shellcode Injection


CSE 466 - Fall 2023

Welcome to Shellcode Injection, the deep dive into the choreography of code execution, where you don't just tap into the rhythm of a system, but you take the lead, guiding the entire ensemble of processes, threads, and instructions.

Once the gates of execution are breached, what follows? Is it the end of the battle, or merely the beginning of a symphony? How does one communicate with the very core of a machine, dictating its every move, turning threats into opportunities, limitations into launching pads?

For the hackers among us, the dance begins with shellcode. But mastering this dance isn't about merely memorizing steps; it's about improvisation, anticipation, and adaptation.

Throughout this module, you'll dive deep into:

Dancing with a processor isn't just about knowing the steps, but understanding the language and semantics of each instruction. While you'll have the stage to yourself, we ensure you're never alone on this journey. Equip yourself with these invaluable scrolls of wisdom:

As you embark on this journey, remember, it's not just about taking control; it's about finesse, elegance, and the joy of the dance. In the vast assembly halls of x64, the processor awaits your cue. So, put on your dancing shoes, and let's speak the language of the processor!


Lectures and Reading

Lots of external resources are referred to in the module videos. Additionally, the following reading material is useful:


Challenges

Write and execute shellcode to read the flag!

Write and execute shellcode to read the flag, but a portion of your input is randomly skipped.

Write and execute shellcode to read the flag, but your inputted data is filtered before execution.

Write and execute shellcode to read the flag, but your inputted data is filtered before execution.

Write and execute shellcode to read the flag, but the inputted data cannot contain any form of system call bytes (syscall, sysenter, int). Can you defeat this?

Write and execute shellcode to read the flag, but the inputted data cannot contain any form of system call bytes (syscall, sysenter, int). This challenge adds an extra layer of difficulty!

Write and execute shellcode to read the flag, but all file descriptors (including stdin, stderr and stdout!) are closed.

Write and execute shellcode to read the flag, but you only get 18 bytes.

Write and execute shellcode to read the flag, but your input has data inserted into it before being executed.

Write and execute shellcode to read the flag, but your input is sorted before being executed!

Write and execute shellcode to read the flag, but your input is sorted before being executed and stdin is closed.

Write and execute shellcode to read the flag, but every byte in your input must be unique.

Write and execute shellcode to read the flag, but this time you only get 12 bytes!

Write and execute shellcode to read the flag, but this time you only get 6 bytes :)


Ranking

This scoreboard reflects solves for challenges in this module after the module launched in this dojo.
