In the world of hackers you have two distinct groups of individuals – the people who find and make the tools for exploits and the people who use the tools without having an understanding of what the tools do.
The latter type are people that are known as script kiddies and the former type are known as true hackers.
These are the people that go deep inside of the system and learn how everything works.
Through the use of books and actually testing the system, they learn how the different layers of software that are on the computer interact with each other.
It is through this knowledge that they learn how to exploit a weakness in the system.
The Problems With Shell Code
One way such a weakness is exploited is with what is termed “shell code”.
A piece of shell code is almost always integral in delivering an attack on the system.
When we talk about a piece of shell code we are talking about code that is used to deliver the exploit to the system.
The name shell code is used to describe this action because most of the attacks of this nature would originate within the command shell of a machine.
These days the same types of attack can originate from more than just the shell, but the same name is still used.
The process that the shell code uses to attack your system depends on whether it is a local attack or a remote attack.
A local attack is easier than a remote attack, but they both attempt to hijack a process on the target machine.
Once this process is taken over, they then use the available permissions of that process to perform other actions.
Usually the actions involve downloading more pieces of the attack.
The initial piece of shell code is just the delivery system.
The part that will damage your system will be downloaded once the original piece of shell code has been activated.
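The staged pattern described above, where a hijacked process fetches and then runs further pieces, is something defenders can look for in process telemetry. The following Python code is an added example, not part of the original article; the event format, program names, baseline and function name are constructed assumptions.

```python
from collections import defaultdict

# Constructed baseline (assumption): actions each monitored program normally performs.
BASELINE = {
    "httpd": {"net_listen", "file_read"},
    "pdfreader": {"file_read"},
}

# Constructed sample telemetry: (time in seconds, pid, program, action, detail).
EVENTS = [
    (100, 4121, "httpd", "net_listen", "0.0.0.0:80"),
    (101, 4121, "httpd", "file_read", "/var/www/index.html"),
    (140, 5230, "pdfreader", "file_read", "/home/user/invoice.pdf"),
    (141, 5230, "pdfreader", "net_connect", "203.0.113.7:443"),
    (142, 5230, "pdfreader", "file_write", "/tmp/update.bin"),
    (143, 5230, "pdfreader", "proc_spawn", "/tmp/update.bin"),
    (200, 6001, "pdfreader", "file_read", "/home/user/report.pdf"),
]


def find_staged_downloads(events, baseline, window=30):
    """Flag processes that step outside their baseline to connect out,
    write a file, and then run that same file, each step within `window` seconds."""
    off_baseline = defaultdict(list)
    for ts, pid, name, action, detail in sorted(events):
        # Programs missing from the baseline have every action treated as unusual.
        if action not in baseline.get(name, set()):
            off_baseline[(pid, name)].append((ts, action, detail))

    alerts = []
    for (pid, name), steps in off_baseline.items():
        last_connect = None   # (time, remote endpoint)
        written = {}          # path -> (write time, remote endpoint)
        for ts, action, detail in steps:
            if action == "net_connect":
                last_connect = (ts, detail)
            elif action == "file_write" and last_connect and ts - last_connect[0] <= window:
                written[detail] = (ts, last_connect[1])
            elif action == "proc_spawn" and detail in written and ts - written[detail][0] <= window:
                alerts.append({"pid": pid, "process": name,
                               "remote": written[detail][1], "payload": detail})
    return alerts


if __name__ == "__main__":
    for alert in find_staged_downloads(EVENTS, BASELINE):
        print(alert)
```

Only the document reader with pid 5230 is flagged: it connects out, writes a file and runs it, none of which is in its baseline, while the web server and the second reader process stay within theirs.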
There are several different ways that this type of attack occurs, but all of these attacks start off in the way described above.
When a programmer writes a piece of shell code, they usually use assembly or very low-level C.
This usually means that only a certain type of system will be targeted.
Shell code used in an attack on a Linux system will most likely not work on a Windows operating system.
Of course, the reverse is true as well.
Shell code attacks are highly specialized and well thought out.
Even in the world of hackers, most people do not understand the underlying details of how to write shell code.
It is a skill that pretty much puts you at the top of the community.
There are simple shell codes that a programmer can write, but the ones that tend to do damage are written by experts in the field.