Security Basics mailing list archives

Re: Shellcode jmp problem


From: Claes Nyberg <md0claes () mdstud chalmers se>
Date: Fri, 17 Oct 2003 01:17:22 +0200 (MET DST)


It's not really the same instruction, compare the first byte
"\xe9" and "\xeb". Use the instruction reference to look up the
difference (http://www.mdstud.chalmers.se/~md0claes/IntelInstrSet.pdf)
:-)

You could also push the string onto the stack and save the
value of esp, since that's the address to your string.

pushl   $0x68732f2f # 'hs//' (Little endian)
pushl   $0x6e69622f # 'nib/'
movl    %esp,%ebx   # Address to pushed string saved in ebx


// CMN


On Thu, 16 Oct 2003, Darragh O'Brien wrote:

Hi,

I'm having trouble trying to recreate Aleph One's shellcode.

My initial jmp generates 5 bytes \xe9\x19\x00\x00\x00 but
Aleph One's jmp only generates two \xeb\x19 - I'd be
grateful if someone could tell me where I'm going wrong.

Thanks,
Darragh



------------------------------------------------------------------------------
Citation :
The number of UNIX installations has grown to 10, with more expected.
_The UNIX Programmer's Manual_, Second Edition, June, 1972
------------------------------------------------------------------------------
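
The two encodings compared in this thread, as an added example that is not part of the original messages: a small decoder for the two relative JMP forms (opcode EB carries an 8-bit signed displacement, opcode E9 a 32-bit one when the operand size is 32 bits), applied to the byte strings quoted above. The function name `decode_jmp`, the `offset` parameter and the third sample (`eb fe`) are assumptions made for illustration.

```python
import struct

# Opcode -> (description, struct format of the signed displacement, its size)
JMP_FORMS = {
    0xEB: ("jmp short (rel8)", "<b", 1),
    0xE9: ("jmp near (rel32)", "<i", 4),  # assumes 32-bit operand size
}

def decode_jmp(code: bytes, offset: int = 0) -> dict:
    """Decode a relative JMP at the start of `code`.

    `offset` is the position of the instruction itself (hypothetical
    load offset); the result reports where the jump lands.
    """
    if not code:
        raise ValueError("empty input")
    opcode = code[0]
    if opcode not in JMP_FORMS:
        raise ValueError(f"not a relative jmp: opcode {opcode:#04x}")
    form, fmt, size = JMP_FORMS[opcode]
    if len(code) < 1 + size:
        raise ValueError("truncated displacement")
    (disp,) = struct.unpack_from(fmt, code, 1)  # little-endian, signed
    length = 1 + size
    # The displacement is counted from the end of the jmp instruction,
    # so the same 0x19 lands 3 bytes further on for the 5-byte form.
    return {"form": form, "length": length, "disp": disp,
            "target": offset + length + disp}

if __name__ == "__main__":
    # First two samples are the byte strings from the thread; the third is
    # a constructed sample showing a negative (backward) rel8 displacement.
    for raw in (b"\xeb\x19", b"\xe9\x19\x00\x00\x00", b"\xeb\xfe"):
        print(raw.hex(" "), "->", decode_jmp(raw))
```

Both forms from the thread carry the same displacement, 0x19; they differ in instruction length (2 versus 5 bytes), which matters when offsets inside the code are counted by hand.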



