Re: Shellcode from ASCII

[Jose Ronnick <matrix () phiral com>]

Also, check out http://www.phiral.com/research/dissembler.html

On Wed, 25 Jun 2003 18:47:44 +0200
"Berend-Jan Wever" <SkyLined () edup tudelft nl> wrote:

> Yeah, I am writing a shellcode encoder that does just that, first tests
> proved it worked. The result will be twice as big as the origional shellcode
> and a ~150 bytes decoder has to be added.
> It's very beta atm. so I'm not sharing the code yet... I'll post something
> when I'm done testing. Let me know if you're interested in working with me
> on this.
>
> Also there was an article in phrack about this:
> http://www.phrack.org/show.php?p=57&a=15
> It's a very usefull resource and includes source for a program that can
> encode your shellcode too.
>
> Berend-Jan Wever
>
> ----- Original Message ----- 
> From: "martin rakhmanoff" <jimmers () yandex ru>
> To: <vuln-dev () securityfocus com>
> Sent: Wednesday, June 25, 2003 12:09
> Subject: Shellcode from ASCII
>
>
> > Hello
> >
> >
> >
> >
> >
> > Usually when coding exploits one needs to escape null bytes in shellcode.
> >
> > To do this XOR is often used. My question is: is it possible to escape not
> >
> > only null bytes but also non-ascii bytes?
> >
> > In other words is it possible to have shellcode (for Windows 2000/XP/2003)
> >
> > that consists of bytes with codes 0x21-0x7e?
> >
> >
> >
> > Thanks
> >
> > Martin


-- 
%JOSE_RONNICK%50,:-dddd-0EEb-pVVyP\-1111-jjjj-yNNN-_4HUP-qq0q-02%r-_Z%JP-%Iwp-5kyyP-n5nn-aTTa-1271P-4ttt-/888-3tSMP-bbnb-L8wL-kMwgP-3Hy3-rqzWP-m%m8-h4x--v%r5P-S7S7-g7g7-F2u2PPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP

Attachment: _bin
Description: