Penetration Testing mailing list archives
RE: Analyzing Shellcode
From: "Paul Melson" <pmelson () gmail com>
Date: Mon, 9 Nov 2009 14:31:38 -0500
> I am trying to analyze the shellcode used in this exploit:
> http://www.milw0rm.com/exploits/7477
> If I echo the unescaped shellcode I only get weird Chinese (I think)
> letters.
> What's the right way to analyze what kind of shellcode is being used and
> what command is being executed by it.

You picked quite the example there. You can echo the unescaped code and you'll get UTF-16 characters. You can use iconv to convert to UTF-8 and then \x it up, compile it in a mock-up executable, then debug it to get at the assembly.

But you'll see in the comments above the JavaScript unescape call that the payload was generated with Metasploit using the shikata_ga_nai encoder, which encodes the original exploit as polymorphic shellcode using XOR. That's going to be an exercise on its own.

PaulM
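
The decoding step described in the reply above (unescaped `%uXXXX` text is UTF-16 and has to become raw bytes before it can be disassembled), as an added Python example that is not part of the original post. The function names and the sample string are constructed for illustration; the sample is not the payload from the exploit.

```python
import re

# Tokens accepted by JavaScript unescape(): %uXXXX, %XX, or a literal character.
TOKEN = re.compile(r"%u([0-9A-Fa-f]{4})|%([0-9A-Fa-f]{2})|(.)", re.DOTALL)


def code_units(escaped):
    """Return the 16-bit code units unescape() would place in the string."""
    units = []
    for m in TOKEN.finditer(escaped):
        if m.group(1) or m.group(2):
            units.append(int(m.group(1) or m.group(2), 16))
        else:
            # Literal character: store its UTF-16 code unit(s).
            raw = m.group(3).encode("utf-16-le", "surrogatepass")
            units.extend(int.from_bytes(raw[i:i + 2], "little")
                         for i in range(0, len(raw), 2))
    return units


def unescape_to_bytes(escaped):
    """Bytes as laid out in memory: every code unit stored little-endian."""
    return b"".join(u.to_bytes(2, "little") for u in code_units(escaped))


def c_escape(data):
    """Format raw bytes as a \\xNN string for a disassembler or test harness."""
    return "".join("\\x%02x" % b for b in data)


def cjk_units(escaped):
    """Count code units inside CJK Unified Ideographs (U+4E00..U+9FFF).

    Byte pairs such as 0x90 0x90 land in this block, which is why echoing
    the unescaped text shows Chinese-looking characters.
    """
    return sum(0x4E00 <= u <= 0x9FFF for u in code_units(escaped))


# Constructed sample (harmless filler bytes), not taken from the exploit.
SAMPLE = "%u4241%u4443%u9090%uCCCC"

if __name__ == "__main__":
    data = unescape_to_bytes(SAMPLE)
    print(c_escape(data))
    print("code units rendered as CJK ideographs:", cjk_units(SAMPLE))
```

Note the byte order: `%u4241` becomes the bytes `41 42`, so the low byte of each code unit comes first in the output.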
Current thread:
- Analyzing Shellcode cAs (Nov 05)
- Re: Analyzing Shellcode NiTRo (Nov 09)
- Re: Analyzing Shellcode Joshua Gimer (Nov 09)
- Re: Analyzing Shellcode Michel Chamberland (Nov 09)
- RE: Analyzing Shellcode Paul Melson (Nov 12)