CTF Support

Shellcode

Introduction

Shellcode is machine code, typically written in assembly, that performs a specific operation, usually spawning a shell or modifying system state.

In CTFs, you inject shellcode through an overflow or overwrite vulnerability to gain control over execution.

Pwntools

pwntools can assemble and inject shellcode quickly.

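Example: generate Linux x64 shellcode that runs sh:

# The star import exposes pwnlib's submodules (context, asm, shellcraft) by name
from pwnlib import *

# Set the target architecture and OS used by the assembler
context.context(arch='amd64', os='linux')
# shellcraft returns assembly source; asm.asm() assembles it to raw bytes
shellcode = asm.asm(shellcraft.amd64.linux.sh())
print(shellcode)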

MSFvenom

msfvenom (from Metasploit) is another common generator.

Generate a payload in raw format:

msfvenom -p <payload> -f raw

List available payloads:

msfvenom --list payloads

Common payloads:

linux/x86/shell_reverse_tcp
windows/x64/shell_bind_tcp