# Egg Hunting

Egg Hunting can be applied if only a few chars are possible to use as shellcode.  
A tag or egg is an already identified group of bytes in the binary the egg hunter  
is trying to find.

## Accessing Virtual Address Space

Like [shakuganz](https://shakuganz.com/2021/07/14/hackthebox-hunting-write-up/) wrote about, ccessing unallocated memory can be done in the following way 
```python
mem_addr = 0x5FFFFFFF

if access(mem_addr, 0) == 0x2f:
    jump_to_next_page()
elif value_at(mem_addr) != egg:
    mem_addr += 1
else:
    print(mem_addr)
```


## Tools

Egg hunter can be found in pwntools' `pwnlib.shellcraft`


## Resources

* [hick.org](http://www.hick.org/code/skape/papers/egghunt-shellcode.pdf)
* [Chaudhary's blog](https://medium.com/@chaudharyaditya/slae-0x3-egg-hunter-shellcode-6fe367be2776)