Tags: c, gcc, buffer-overflow, shellcode

execute shellcode not on the stack (buffer overflow)


Is it possible to execute your shellcode not on the stack? Is there another way to execute the shellcode? Thanks in advance


Solution

  • Yes, it is possible, but there are a lot of things to say here.

    First of all, code on the stack is usually not executable on many modern devices which use the NX-bit.

    But more generally speaking, any part of memory can be made executable if you manage to get the required privilege. This can be the heap, the RAM, any area of the drive. It doesn't really matter.

    The stack is just the most common default attack, but shellcodes can, for instance, also exploit heap overflows (see this answer for an explanation).

    One common attack structure would be:

    1. Exploit some vulnerability to get on the stack, heap, some other memory
    2. Use ROP to make that part of memory executable
    3. Have a shellcode, possibly egg-hunter if there is a memory restriction, which will find the main payload, or download something
    4. Execute the main payload

    Hope this answers the question.
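The four-step chain in the answer above, as an added example that is not part of the original answer: a benign "payload" (machine code that just returns 42) is staged somewhere in heap memory rather than on the stack, an egg-hunter-style scan locates it by its marker, the page holding it is flipped to executable, and it is called. Assumptions made here: Linux on x86-64 or aarch64; `mprotect(2)` stands in for what a real exploit would achieve with a ROP chain (step 2), since this program is allowed to call it directly; the scan knows the region's bounds, so it does not need the syscall-based fault-safe probing a real egg hunter uses; the `w00tw00t` egg tag and the `run_from_heap`/`egg_hunt`/`make_executable` names are this example's own choices.

```c
/*
 * Added example (not from the original answer): execute a payload that
 * lives in heap memory, not on the stack.
 *   1. stage   - the payload is written into a malloc'd buffer (attacker data)
 *   2. protect - mprotect() makes that page executable (stands in for ROP)
 *   3. hunt    - an egg-hunter scan finds the payload by its 8-byte tag
 *   4. execute - the located bytes are called as a function
 * Assumes Linux on x86-64 or aarch64.
 */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Stand-in "shellcode": returns 42 and does nothing else. */
#if defined(__x86_64__)
static const unsigned char payload[] = { 0xb8, 0x2a, 0x00, 0x00, 0x00, 0xc3 };             /* mov eax,42 ; ret */
#elif defined(__aarch64__)
static const unsigned char payload[] = { 0x40, 0x05, 0x80, 0x52, 0xc0, 0x03, 0x5f, 0xd6 }; /* mov w0,#42 ; ret */
#else
#error "this example only carries payload bytes for x86-64 and aarch64"
#endif

/* Egg: a 4-byte tag repeated twice (assumed marker, chosen for this example). */
static const unsigned char EGG[8] = { 'w', '0', '0', 't', 'w', '0', '0', 't' };

typedef int (*payload_fn)(void);

/* Egg hunter: scan [start, start+len) for the tag, return the byte after it, or NULL.
 * A real hunter would probe unknown memory with a syscall that reports EFAULT instead
 * of touching it directly; here the bounds are known so a plain scan is enough. */
unsigned char *egg_hunt(unsigned char *start, size_t len) {
    for (size_t i = 0; i + sizeof EGG <= len; i++)
        if (memcmp(start + i, EGG, sizeof EGG) == 0)
            return start + i + sizeof EGG;
    return NULL;
}

/* Make every page that overlaps [p, p+len) executable. RWX keeps the rest of the
 * heap page writable for malloc's own bookkeeping; a target enforcing W^X would
 * reject this and force the payload into a separate RX mapping instead. */
int make_executable(void *p, size_t len) {
    uintptr_t page = (uintptr_t)sysconf(_SC_PAGESIZE);
    uintptr_t base = (uintptr_t)p & ~(page - 1);
    uintptr_t end  = ((uintptr_t)p + len + page - 1) & ~(page - 1);
    return mprotect((void *)base, end - base, PROT_READ | PROT_WRITE | PROT_EXEC);
}

/* Full chain. Returns the payload's return value (42), or a negative code on failure. */
int run_from_heap(void) {
    const size_t size = 4096;
    const size_t off  = 1234;                 /* arbitrary: the hunter must find it */
    unsigned char *heap = malloc(size);
    if (!heap) return -1;

    memset(heap, 0xcc, size);                 /* filler (int3 on x86: a bad jump faults loudly) */
    memcpy(heap + off, EGG, sizeof EGG);      /* constructed "attacker data": egg then payload */
    memcpy(heap + off + sizeof EGG, payload, sizeof payload);

    unsigned char *code = egg_hunt(heap, size);
    if (!code) { free(heap); return -2; }
    if (make_executable(code, sizeof payload) != 0) { free(heap); return -3; }
    /* aarch64 has a separate instruction cache; flushing is a no-op on x86-64. */
    __builtin___clear_cache((char *)code, (char *)code + sizeof payload);

    int r = ((payload_fn)code)();
    free(heap);
    return r;
}

int main(void) {
    printf("payload returned %d\n", run_from_heap());
    return 0;
}
```

Compile with `gcc -O2 -o heapexec heapexec.c` and run; it prints `payload returned 42`. Remove the `mprotect` call and the jump faults with SIGSEGV on any NX-enabled system, which is exactly the situation the ROP step in the answer exists to get around.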