Full Disclosure mailing list archives

Re: PPC OSX Shellcode ASM

From: KF <dotslash () snosoft com>
Date: Tue, 02 Sep 2003 10:51:31 -0400

Nice paper... even though you reference Ghandi at the bottom you maywanna give specific credit to him for your null free technique...


        ;; Use the magic offset constant 268 because it makes the
       ;; instruction encodings null-byte free.
        addi    r31, r31, 268+36
        addi    r3, r31, -268   ; r3 = path


http://www.dopesquad.net/security/shellcode/ppc/execve_binsh.s

And If I remember correctly that army.mil webserver is a m68k not ppc...
-KF

llo there,
                Please find attached my paper
on designing shellcodes on the PowerPc architecture.

The paper outlines PowerPC architecture fundementals,
and methods of deriving working shellcodes for the
exploitation of vulnerabilities discovered on the OSX
and Darwin Operating Systems.

Very sorry if this considered OFF TOPIC please excuse.

Kind Regards

        B-r00t.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

PPC OSX Shellcode ASM B-r00t (Sep 01)
- Re: PPC OSX Shellcode ASM KF (Sep 01)
- Re: PPC OSX Shellcode ASM Andrew Pinski (Sep 01)