Vulnerability Development mailing list archives
Re: Shellcode from ASCII
From: Jose Ronnick <matrix () phiral com>
Date: Wed, 25 Jun 2003 18:56:55 -0700
Also, check out http://www.phiral.com/research/dissembler.html

On Wed, 25 Jun 2003 18:47:44 +0200 "Berend-Jan Wever" <SkyLined () edup tudelft nl> wrote:

Yeah, I am writing a shellcode encoder that does just that, first tests proved it worked. The result will be twice as big as the original shellcode and a ~150 bytes decoder has to be added. It's very beta atm. so I'm not sharing the code yet... I'll post something when I'm done testing. Let me know if you're interested in working with me on this.

Also there was an article in Phrack about this: http://www.phrack.org/show.php?p=57&a=15
It's a very useful resource and includes source for a program that can encode your shellcode too.

Berend-Jan Wever

----- Original Message -----
From: "martin rakhmanoff" <jimmers () yandex ru>
To: <vuln-dev () securityfocus com>
Sent: Wednesday, June 25, 2003 12:09
Subject: Shellcode from ASCII

Hello

Usually when coding exploits one needs to escape null bytes in shellcode. To do this XOR is often used. My question is: is it possible to escape not only null bytes but also non-ASCII bytes? In other words is it possible to have shellcode (for Windows 2000/XP/2003) that consists of bytes with codes 0x21-0x7e?

Thanks
Martin
-- %JOSE_RONNICK%50,:-dddd-0EEb-pVVyP\-1111-jjjj-yNNN-_4HUP-qq0q-02%r-_Z%JP-%Iwp-5kyyP-n5nn-aTTa-1271P-4ttt-/888-3tSMP-bbnb-L8wL-kMwgP-3Hy3-rqzWP-m%m8-h4x--v%r5P-S7S7-g7g7-F2u2PPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP