Dailydave mailing list archives
Re: Shellcode
From: "Dustin D. Trammell" <dtrammell () sipera com>
Date: Wed, 30 Nov 2005 10:17:06 -0600
On Wed, 2005-11-30 at 02:17 -0800, halvar () gmx de wrote:
why do we care about small bindshells any more ? It's not 2001/2002 (or earlier) any more, and "read/exec" stubs would make a lot more sense. Everyone does (or should do) extra code injection (or similarly complex things) with full encryption etc.
In a more general sense, it's a good exercise to attempt to optimize your code and shoot for smaller executables. All developers used to do this back when they were forced to because their program had to fit on very small disks or tape and run in 8k of RAM. With the increases in hardware capacity, this practice has gone away because Developers no longer have to bend to the limitations... which is why I have a World of Warcraft directory taking up 6 Gigs of space on my gaming box's drive at home. I'm not there so I can't tell you exactly how big the executable is, but damn, that's a lot of space for one game. With exploits, you do have forced size limitations. Granted, you can get around the size limitation of, say, the buffer your trying to overflow with a loader stub like you mention, but that doesn't give the exercise any less merit. -- Dustin D. Trammell Vulnerability Researcher Sipera Systems Inc. http://www.sipera.com
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- RE: Shellcode, (continued)
- RE: Shellcode Dave Korn (Nov 29)
- Re: Shellcode Alexander Sotirov (Nov 29)
- Re: Shellcode Isaac Dawson (Nov 29)
- Re: Shellcode Dave Aitel (Nov 29)
- Re: Shellcode H D Moore (Nov 29)
- Re: Shellcode halvar (Nov 30)
- RE: Shellcode Dafydd Stuttard (Nov 30)
- Re: Shellcode halvar (Nov 30)
- Re: HOLY GOD WE ARE SO OLD Matt Hargett (Nov 30)
- Re: Shellcode Isaac Dawson (Nov 29)
- Re: Shellcode halvar (Nov 30)
- Re: Shellcode Dustin D. Trammell (Nov 30)
- RE: Shellcode Dave Korn (Nov 30)