Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: pen testing & obfuscated shell code (more neat stuff)

From: Steve Kemp <steve () steve org uk>
Date: Fri, 13 Feb 2004 19:43:59 +0000
On Fri, Feb 13, 2004 at 03:42:08PM -0000, Karsten Johansson wrote:


I just did some experimenting with the idea of simply entering an 
ASCII characters as NOP sleds.


  Of course to complete the cycle it's possible to write pure
 ASCII shellcode, or even shellcode that will pass manipulations
 such as being passed through toupper()/tolower().

  See for example this page:

        http://www.livejournal.com/community/shellcode/1983.html

  An entirely ASCII piece of code for writing a message to the
 console.  (x86 - linux).

Steve
---
# Debian Security Audit Project
http://www.steve.org.uk/Debian/

---------------------------------------------------------------------------
Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection

Protect your network with the comprehensive security solution that
integrates six applications for ease of use and lower TCO.

Firewall - Virus protection - Spam protection - URL blocking - VPN
- Wireless security.

Download 30-day evaluation at:
http://www.astaro.com/php/contact/securityfocus.php
----------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: