Penetration Testing mailing list archives
Re: pen testing & obfuscated shell code (more neat stuff)
From: "Angelo Dell'Aera" <buffer () antifork org>
Date: Tue, 17 Feb 2004 15:53:51 +0100
In-Reply-To: <002d01c3f358$6339a660$6401a8c0@harrypotter>

On 16 Feb 2004 17:52:45 -0000 Karsten Johansson <ksaj () penetrationtest com> wrote:

> Since the people that use NOP sleds don't really care about the registers and what's on the stack, there are probably a lot more useful NOP sled opcodes available - as long as they don't generate errors.

I don't like talking too much about myself, but I just want to point out a piece of work I did two years ago to show how to defeat an IDS at "shellcode catching". On that occasion, I wrote two completely alphanumeric codes, which you can find on my homepage (reported below), named buffer-i386-raptus.c and buffer-i386-delirium.c. In particular, the latter is an alphanumeric asm code which builds a shellcode and then executes it. Using these codes, you can use whatever padding you want, since they make no assumptions about the registers' contents and thus always set them properly. This is obviously true even if you generate an alphanumeric shellcode using e.g. Rix's ASC, starting from the classic "I-make-no-assumptions" shellcode.

Regards.

--
Angelo Dell'Aera 'buffer'
Antifork Research, Inc.
http://buffer.antifork.org
PGP information in e-mail header
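The detection-side consequence of the thread (a sled check tuned only to the 0x90 NOP byte is blind to padding made of printable single-byte instructions, while a broader single-byte filler set still catches it) as a small Python check. This is an added example, not code from the post or from the buffer.antifork.org sources it mentions; the filler opcode set and the sample byte strings are constructed for illustration.

```python
"""Heuristic NOP-sled run detector (added example, constructed data).

Two filler sets are compared: the naive one (0x90 only) and a broader one
that also contains the one-byte x86 inc/dec register encodings 0x40-0x4f,
whose byte values are the printable characters '@' through 'O'.  Both sets
are assumptions for illustration, not a complete list of sled-safe opcodes.
"""

NAIVE_SLED_BYTES = {0x90}                               # classic NOP only
BROAD_SLED_BYTES = {0x90} | set(range(0x40, 0x50))      # NOP + inc/dec reg


def sled_runs(payload: bytes, sled_bytes, min_len: int = 16):
    """Return (offset, length) for every maximal run of filler bytes that is
    at least min_len bytes long.  A 0x00 sentinel is appended so the final
    run is flushed; 0x00 is in neither filler set."""
    runs = []
    start = None
    for i, b in enumerate(payload + b"\x00"):
        if b in sled_bytes:
            if start is None:
                start = i
        else:
            if start is not None and i - start >= min_len:
                runs.append((start, i - start))
            start = None
    return runs


def analyze(payload: bytes, min_len: int = 16):
    """Run both detectors over one payload and report their findings."""
    return {
        "naive": sled_runs(payload, NAIVE_SLED_BYTES, min_len),
        "broad": sled_runs(payload, BROAD_SLED_BYTES, min_len),
    }


# Constructed samples.  0xff bytes stand in for "whatever follows the sled";
# no real payload is included.
CLASSIC_SLED = b"\x90" * 32 + b"\xff" * 8          # 0x90-only padding
ALPHA_SLED = b"A" * 32 + b"\xff" * 8               # printable padding
MIXED_SLED = b"\x90@ABC" * 8 + b"\xff" * 8         # NOP mixed with inc/dec
BENIGN_HTTP = b"GET /index.html HTTP/1.0\r\n"      # ordinary request line

if __name__ == "__main__":
    for name, sample in [("classic", CLASSIC_SLED), ("alpha", ALPHA_SLED),
                         ("mixed", MIXED_SLED), ("benign", BENIGN_HTTP)]:
        print(name, analyze(sample))
```

The broader set raises the false-positive rate on plain text (a long run of capital letters between '@' and 'O' would trip it), so in practice the run threshold and the filler set are tuned per protocol and context rather than fixed; the point of the comparison is only that the 0x90-only check produces no alert at all on the printable variants.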