Many cyber attacks involve the use of shellcode. Hackers leverage it to exploit vulnerabilities in software. From word processors and web browsers to operating systems and more, vulnerabilities are found in all types of software. With shellcode, hackers can take advantage of these vulnerabilities to perform a cyber attack. It’s known as “shellcode” because it typically consists of shell commands. Here are five common types of shellcode.
#1) Remote
Remote shellcode is one of the most common types of shellcode. As the name suggests, it’s performed remotely. Hackers use remote shellcode to exploit software vulnerabilities on other, remote computers. The hacker may carry out these cyber attacks over a TCP/IP connection. After gaining access to the shell on the victim’s computer over a TCP/IP connection, the hacker may steal the victim’s data or perform other nefarious activities.
#2) Local
Local shellcode is characterized by the use of a target computer to which the hacker has limited access. The hacker doesn’t need complete access to the target computer. With local shellcode, the hacker only needs partial access. As long as the hacker can exploit a software vulnerability, such as a buffer overflow, he or she can use local shellcode.
#3) Staged
Some shellcodes are broken into multiple sections or stages. Known as staged shellcode, it’s used in instances in which the malicious code is too much for the target computer to execute. With staged shellcode, the hacker will execute the malicious code in stages. After the initial stage has been executed, the next stage will begin.
#4) Download and Execute
One of the most distributing types of shellcode is download and execute. It’s used to deploy viruses and other forms of malware. With download and execute, the hacker will exploit a software vulnerability to force the target computer to download and execute malware. The target computer will automatically download the malware from the specified destination, after which the target computer will execute it.
#5) Egg Hunt
Finally, there’s egg hunt shellcode. It’s essentially a variant of staged shellcode. Egg hunt shellcode is used when the hacker doesn’t know the address of a process. The hacker will then execute a small piece of malicious code to locate the process address. After identifying the correct address, the hacker will execute the complete shellcode. It’s known as “egg hunt shellcode” because it’s designed to identify or hunt for a process address.