
Dissecting Shellcode in Malicious Web Sites

08.29.2008 - 1:25 PM

Today’s blog shows how we can debug the shellcode that we find in malicious Web sites.

When we view the source code of a malicious Web site, sometimes we see a jumble like this:

This is JavaScript code that represents the shellcode that the bad guys want to execute on the targeted machine.

You might ask: what does this shellcode do? And how can I debug it?

One way to find out is to write a quick C program that holds the payLoadCode bytes in a buffer. Then we declare a function pointer, aim it at that buffer, and call it so the bytes execute!

All we have to do now is to compile the program on a machine that has a JIT (just-in-time) debugger installed.

When we execute our program, the debugger will land us in the shellcode, and we can step through it instruction by instruction to see precisely what it does!
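As an added example, not the program from the post, here is a harness in the shape the post describes: the bytes sit in a buffer, a function pointer is aimed at them, and the pointer is called. STUB_BYTES is a constructed, harmless stand-in for payLoadCode (it just returns 42), and run_bytes, run_stub, stub_supported and break_first are names chosen here. It assumes a POSIX x86 system and uses mmap to obtain executable memory, because DEP/NX normally refuses to execute a plain C array.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>

typedef int (*code_fn)(void);

/* Constructed stand-in for the post's payLoadCode bytes: a harmless x86 stub
 * encoding "mov eax, 0x2a ; ret", not real shellcode. */
static const unsigned char STUB_BYTES[] = { 0xB8, 0x2A, 0x00, 0x00, 0x00, 0xC3 };

#if defined(__x86_64__) || defined(__i386__)
#define STUB_OK 1   /* this build can decode STUB_BYTES */
#else
#define STUB_OK 0
#endif
int stub_supported(void) { return STUB_OK; }

/* Copy the bytes into a fresh RWX mapping (an ordinary C array is usually
 * non-executable under DEP/NX) and call them through a function pointer.
 * With break_first set, an int3 (0xCC) precedes the bytes so a JIT or attached
 * debugger stops on the first shellcode instruction. Returns eax, or -1. */
int run_bytes(const unsigned char *bytes, size_t len, int break_first)
{
    size_t pad = break_first ? 1 : 0;
    unsigned char *mem = mmap(NULL, len + pad, PROT_READ | PROT_WRITE | PROT_EXEC,
                              MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (mem == MAP_FAILED)
        return -1;
    if (pad)
        mem[0] = 0xCC;
    memcpy(mem + pad, bytes, len);
    code_fn fn;
    memcpy(&fn, &mem, sizeof fn);  /* data pointer -> function pointer, no warning */
    int result = fn();             /* control transfers into the buffer */
    munmap(mem, len + pad);
    return result;
}

int run_stub(void) { return run_bytes(STUB_BYTES, sizeof STUB_BYTES, 0); }

int main(void)
{
    if (!stub_supported())
        return puts("STUB_BYTES is x86-only; not executing on this CPU"), 0;
    printf("stub returned %d\n", run_stub());   /* "stub returned 42" on x86 */
    return 0;
}
```

Running it with break_first set and a debugger attached stops on the first byte of the code, which is exactly where the post begins stepping; since the bytes really do execute, analysts run a harness like this only inside a disposable VM.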

Game over!

Security Researcher: Moti Joseph
