Small piece of code used as a payload to exploit a software vulnerability / From Wikipedia, the free encyclopedia

Dear Wikiwand AI, let's keep it short by simply answering these key questions:

Can you list the top facts and stats about Shellcode?

Summarize this article for a 10 year old


In hacking, a shellcode is a small piece of code used as the payload in the exploitation of a software vulnerability. It is called "shellcode" because it typically starts a command shell from which the attacker can control the compromised machine, but any piece of code that performs a similar task can be called shellcode. Because the function of a payload is not limited to merely spawning a shell, some have suggested that the name shellcode is insufficient.[1] However, attempts at replacing the term have not gained wide acceptance. Shellcode is commonly written in machine code.

When creating shellcode, it is generally desirable to make it both small and executable, which allows it to be used in as wide a variety of situations as possible.[2] Writing good shellcode can be as much an art as it is a science.[3] In assembly code, the same function can be performed in a multitude of ways and there is some variety in the lengths of opcodes that can be used for this purpose; good shellcode writers can put these small opcodes to use to create more compact shellcode.[4] Some have reached the smallest possible size while maintaining stability.[5]

Oops something went wrong: