Penetration Testing mailing list archives
Writing ascii shellcode
From: lists73 () skilltube com
Date: 4 Jul 2007 15:44:42 -0000
There was a question regarding ascii shellcode development and in particular, how to get the \xcc opcode. We had a similar problem a few weeks ago and we solved it with a well-known approach documented by Steve Hanna. The example below might help others as well.

Suppose we want to create the following small shellcode (just an example):

    int3
    int3
    int3
    int3

The corresponding opcodes look like the following:

    \xcc\xcc\xcc\xcc

These are definitely not printable characters. However, we can write them on the fly with the following loader code (does not contain non-printable characters):

    // eax == 0
    and eax,454e4f4a
    and eax,3a313035

    // make "room" for the real shellcode
    push esp
    pop eax
    sub eax,39393333
    sub eax,72727550
    sub eax,54545645   // depends on the space needed
    push eax
    pop esp

    // write last four byte block of our shellcode
    and eax,454e4f4a
    and eax,3a313035
    sub eax,66666666
    sub eax,66666666
    sub eax,66666668
    push eax

    // write next four byte block of our shellcode etc.
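The arithmetic in the loader above can be checked with a small 32-bit model. This is an added example, not part of the original post: the function names and the starting eax/esp values are constructed for illustration, and the listing is copied from the post with its immediates read as hex.

```python
MASK = 0xFFFFFFFF

# Listing copied from the post; immediates are hex, as written there.
LOADER = """
and eax,454e4f4a
and eax,3a313035
push esp
pop eax
sub eax,39393333
sub eax,72727550
sub eax,54545645
push eax
pop esp
and eax,454e4f4a
and eax,3a313035
sub eax,66666666
sub eax,66666666
sub eax,66666668
push eax
"""

def is_printable(imm):
    """True if all four bytes of a 32-bit immediate are printable ASCII."""
    return all(0x20 <= b <= 0x7E for b in imm.to_bytes(4, "little"))

def run(listing, eax=0xDEADBEEF, esp=0x0012F000):
    """Model the listing; the eax/esp start values are constructed."""
    regs, mem, immediates = {"eax": eax, "esp": esp}, {}, []
    for line in filter(None, map(str.strip, listing.splitlines())):
        op, _, args = line.partition(" ")
        if op in ("and", "sub"):
            reg, imm = args.split(",")
            imm = int(imm, 16)
            immediates.append(imm)
            # SUB wraps modulo 2**32, which is what the encoding relies on.
            regs[reg] = regs[reg] & imm if op == "and" else (regs[reg] - imm) & MASK
        elif op == "push":
            value = regs[args]              # push esp stores the old esp
            regs["esp"] = (regs["esp"] - 4) & MASK
            mem[regs["esp"]] = value
        elif op == "pop":
            value = mem[regs["esp"]]
            regs["esp"] = (regs["esp"] + 4) & MASK
            regs[args] = value              # pop esp: loaded value wins
    return regs, mem, immediates

if __name__ == "__main__":
    regs, mem, imms = run(LOADER)
    print(f"eax={regs['eax']:08x} esp={regs['esp']:08x} "
          f"top={mem[regs['esp']]:08x} printable={all(map(is_printable, imms))}")
```

The model shows the three stack-adjust subtractions wrapping around to esp + 0x138, and the final push storing cccccccc four bytes below that.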