Vulnerability Development mailing list archives
Re: creating shell code for exploits
From: ghandi <ghandi () DOPESQUAD NET>
Date: Mon, 1 Jan 2001 21:54:49 -0700
On Mon, 1 Jan 2001, eke71 wrote:

> Hi guys, I am new to the list and was wondering how shell code is created for exploits?
A lot of times old shellcode can be reused (find one for the target operating system and architecture). Jose Nazario listed a good number of them on pen-test [1]. After that, the trick is just getting the vulnerable program to jump to it.

If you are writing your own, follow Aleph One's "Smashing the Stack for Fun and Profit" [2]. The basic procedure is:

- Write the code in assembly (you can use the C compiler as a guide).
- Hex-encode the machine code (use GNU 'objdump' or Solaris 'dis').
- Get rid of any bytes that may be interpreted on input to the program (NULL bytes, other whitespace, etc).
- Place the bytes in a string in the exploit and test it (cast the string pointer as a function pointer and call it).

I wrote some shellcode for SPARC/Solaris to exec /bin/sh and bind /bin/sh to a TCP port [3]. I have both posted in assembly and as C header files. The code to bind a shell was purged of (in addition to NULLs) all whitespace chars, '?' (0x3f), and '&' (0x26) for passing through HTTP GET requests.

I hope that sheds some light on the subject.

[1] - http://www.securityfocus.com/archive/101/150666
[2] - http://phrack.infonexus.com/search.phtml?view&article=p49-14
[3] - http://www.dopesquad.net/security

--
ghandi / ghandi () dopesquad net / www.dopesquad.net
"Bein' Crazy is the least of my worries." - Jack Kerouac
C439 2B06 D8D2 A2D8 1ABB 0A55 A61D 9057 63F5 9B1F
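The two "housekeeping" steps in the procedure above (hex-encoding the machine code into a C header string, and checking it for bytes the input path would interpret) are easy to get wrong by hand. The following is an added example, not code from the post or from ghandi's site: it renders a byte buffer as the `"\x.."` string literal a shellcode header uses and reports any byte from the post's bad-byte set (NUL, whitespace, 0x3f, 0x26). The sample bytes are constructed and are not real instructions.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample bytes (not real machine code) containing three
   bytes from the post's bad-byte set: 0x3f, 0x00 and 0x26. */
const unsigned char sample_code[] = {0x90, 0x41, 0x3f, 0x42, 0x00, 0x26};
char rendered[64]; /* output buffer for to_c_string() */

/* Bad bytes named in the post for passing through an HTTP GET request:
   NUL, any whitespace character, '?' (0x3f) and '&' (0x26). */
static int is_bad_byte(unsigned char b)
{
    return b == 0x00 || isspace(b) || b == 0x3f || b == 0x26;
}

/* Count bad bytes in the buffer; *first receives the index of the first
   one, or -1 if the buffer is clean. first may be NULL. */
int count_bad_bytes(const unsigned char *code, size_t len, long *first)
{
    size_t i;
    int n = 0;
    if (first) *first = -1;
    for (i = 0; i < len; i++) {
        if (is_bad_byte(code[i])) {
            if (n == 0 && first) *first = (long)i;
            n++;
        }
    }
    return n;
}

/* Render raw bytes as a C string literal ("\x90\x41...") suitable for a
   shellcode header file. Returns the number of characters written
   (excluding the terminating NUL), or -1 if out is too small. */
int to_c_string(const unsigned char *code, size_t len, char *out, size_t outsz)
{
    size_t i, pos = 0;
    if (outsz < 4 * len + 3) return -1; /* \xNN per byte, two quotes, NUL */
    out[pos++] = '"';
    for (i = 0; i < len; i++)
        pos += (size_t)sprintf(out + pos, "\\x%02x", code[i]);
    out[pos++] = '"';
    out[pos] = '\0';
    return (int)pos;
}

int main(void)
{
    long first;
    int bad = count_bad_bytes(sample_code, sizeof sample_code, &first);
    to_c_string(sample_code, sizeof sample_code, rendered, sizeof rendered);
    printf("%s\n%d bad byte(s), first at index %ld\n", rendered, bad, first);
    return bad != 0;
}
```

A non-zero exit status from this check is a cheap gate to put in a build script so a header file with a stray NUL or space never gets committed.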