Penetration Testing mailing list archives
Re: pen testing & obfuscated shell code (more neat stuff)
From: Steve Kemp <steve () steve org uk>
Date: Fri, 13 Feb 2004 19:43:59 +0000
On Fri, Feb 13, 2004 at 03:42:08PM -0000, Karsten Johansson wrote:
I just did some experimenting with the idea of simply entering an ASCII characters as NOP sleds.
Of course to complete the cycle it's possible to write pure ASCII shellcode, or even shellcode that will pass manipulations such as being passed through toupper()/tolower(). See for example this page: http://www.livejournal.com/community/shellcode/1983.html An entirely ASCII piece of code for writing a message to the console. (x86 - linux). Steve --- # Debian Security Audit Project http://www.steve.org.uk/Debian/ --------------------------------------------------------------------------- Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection Protect your network with the comprehensive security solution that integrates six applications for ease of use and lower TCO. Firewall - Virus protection - Spam protection - URL blocking - VPN - Wireless security. Download 30-day evaluation at: http://www.astaro.com/php/contact/securityfocus.php ----------------------------------------------------------------------------
Current thread:
- Re: pen testing & obfuscated shell code (more neat stuff) Karsten Johansson (Feb 13)
- Re: pen testing & obfuscated shell code (more neat stuff) Steve Kemp (Feb 16)
- RE: pen testing & obfuscated shell code (more neat stuff) Omar Herrera (Feb 16)
- <Possible follow-ups>
- Re: pen testing & obfuscated shell code (more neat stuff) Karsten Johansson (Feb 17)
- Re: pen testing & obfuscated shell code (more neat stuff) Angelo Dell'Aera (Feb 17)