• Israel (6/6) Nov 07 2014 Recently i started thinking, how popular is a language based on
• Adam D. Ruppe (21/23) Nov 07 2014 It is just a function that is already compiled and added as a
• Israel (4/11) Nov 07 2014 Wow thats incredible, im not an advanced programmer by any means

"Israel" <tl12000 live.com> writes:

Recently i started thinking, how popular is a language based on
how often a paste is made in that language?

so i decided to look through pastebin in D and found some
interesting stuff.
This one in particular. http://pastebin.com/dq4Bp9x0. What is
this...

"Adam D. Ruppe" <destructionator gmail.com> writes:

On Saturday, 8 November 2014 at 02:42:34 UTC, Israel wrote:
 This one in particular. http://pastebin.com/dq4Bp9x0. What is
 this...

It is just a function that is already compiled and added as a 
string literal. It calls the system function exec("/bin/bash"); 
to spawn a shell over the current process. It is called shellcode 
because it is code to launch a shell and is done as a string 
because a practical application is to exploit a buffer overflow 
vulnerability in a program to gain access to a target computer. 
(It isn't as easy as feeding a string as input btw, but this 
would be like the hello, world version of it.)

But I was wondering why the title said "HOLY CRAP THAT IS 
STUPID"... and at first, I though the author just didn't use 
cast() properly, but after trying it, I'm inclined to agree.

With the straightforward cast, the compiler spits out:

Error: no size for type void()
Error: no size for type void()

What a terrible error message and it seems kinda silly to me to 
be an error at all. It doesn't even work if I ask for ptr. This 
is just casting pointer types, why does the compiler require an 
intermediate step?

Maybe I'm missing some logic here, but my impression right now is 
holy crap, this is stupid.

"Israel" <tl12000 live.com> writes:

On Saturday, 8 November 2014 at 03:06:01 UTC, Adam D. Ruppe wrote:
 On Saturday, 8 November 2014 at 02:42:34 UTC, Israel wrote:
 This one in particular. http://pastebin.com/dq4Bp9x0. What is
 this...

 It is called shellcode because it is code to launch a shell and 
 is done as a string because a practical application is to 
 exploit a buffer overflow vulnerability in a program to gain 
 access to a target computer.

Wow thats incredible, im not an advanced programmer by any means
but ive seen  code like this being used in some java script
programs.