Penetration Testing mailing list archives

RE: Analyzing Shellcode


From: "Paul Melson" <pmelson () gmail com>
Date: Mon, 9 Nov 2009 14:31:38 -0500

> I am trying to analyze the shellcode used in this exploit:
> http://www.milw0rm.com/exploits/7477
>
> If I echo the unescaped shellcode I only get weird Chinese (I think)
> letters.
>
> What's the right way to analyze what kind of shellcode is being used and
> what command is being executed by it?

You picked quite the example there.  You can echo the unescaped code and
you'll get UTF-16 characters.  You can use iconv to convert to UTF-8 and
then \x it up, compile it in a mock-up executable, then debug it to get at
the assembly.

But you'll see in the comments above the JavaScript unescape call that the
payload was generated with Metasploit using the shikata_ga_nai encoder,
which encodes the original exploit as polymorphic shellcode using XOR.
That's going to be an exercise on its own.

PaulM
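As an added worked example (not part of the thread and not Paul's code), here are the first two steps he describes done in Python rather than with echo and iconv: emulate what JavaScript's unescape() does to a %u-escaped string, lay the resulting UTF-16 code units out little-endian to recover the raw bytes as they would sit in the browser's memory, and render them as a \x string for the mock-up executable. The input string is a constructed sample (two NOPs and three register-clearing XORs), not the payload from the milw0rm exploit; peeling off the shikata_ga_nai layer is a separate job that this script does not attempt.

```python
import re
import struct

# Constructed sample, NOT the payload from the exploit linked in the thread:
# two NOPs followed by xor ecx,ecx / xor ebx,ebx / xor eax,eax, carried the
# way exploit JavaScript usually carries shellcode: one %uXXXX per 16-bit
# code unit, with the two bytes swapped (little-endian).
SAMPLE = "%u9090%u9090%uc931%udb31%uc031"

_ESCAPE = re.compile(r"%u([0-9a-fA-F]{4})|%([0-9a-fA-F]{2})")


def js_unescape_units(s):
    """Return the UTF-16 code units JavaScript's unescape() would produce.

    %uXXXX -> code unit 0xXXXX, %XX -> code unit 0x00XX, and a '%' that is
    not followed by valid hex is kept literally, as in JavaScript.  Working
    on integer code units rather than a Python str sidesteps lone
    surrogates (0xD800-0xDFFF), which arbitrary shellcode bytes can form.
    """
    units = []
    pos = 0
    for m in _ESCAPE.finditer(s):
        # literal characters between escapes are code units too
        units.extend(ord(c) for c in s[pos:m.start()])
        if m.group(1) is not None:
            units.append(int(m.group(1), 16))
        else:
            units.append(int(m.group(2), 16))
        pos = m.end()
    units.extend(ord(c) for c in s[pos:])
    return units


def units_to_bytes(units):
    """Serialise code units as UTF-16LE, i.e. the in-memory layout of a
    JavaScript string on x86 Windows: %uc931 comes out as 31 c9."""
    return b"".join(struct.pack("<H", u) for u in units)


def unescape_shellcode(s):
    """%u-escaped JavaScript string -> raw shellcode bytes."""
    return units_to_bytes(js_unescape_units(s))


def to_c_string(data, per_line=16):
    """Render bytes as adjacent "\\x.." C string literals, ready to paste
    into the unsigned char array of a mock-up executable."""
    lines = []
    for i in range(0, len(data), per_line):
        chunk = data[i:i + per_line]
        lines.append('"' + "".join("\\x%02x" % b for b in chunk) + '"')
    return "\n".join(lines)


def cjk_unit_count(units):
    """Count code units inside the CJK Unified Ideographs block
    (U+4E00-U+9FFF).  Shellcode bytes land there often, which is why
    echoing the unescaped string shows 'Chinese' glyphs."""
    return sum(1 for u in units if 0x4E00 <= u <= 0x9FFF)


if __name__ == "__main__":
    units = js_unescape_units(SAMPLE)
    sc = units_to_bytes(units)
    with open("shellcode.bin", "wb") as f:
        f.write(sc)
    print("%d bytes written to shellcode.bin; %d of %d code units are CJK"
          % (len(sc), cjk_unit_count(units), len(units)))
    print("unsigned char sc[] =")
    print(to_c_string(sc) + ";")
```

Run stand-alone it writes shellcode.bin and prints the C array text for the mock-up; the raw file can equally be fed straight to a disassembler (for example `ndisasm -b 32 shellcode.bin`) before going to the debugger. Note that %XX escapes produce a zero high byte in memory, which is exactly why exploit authors use %uXXXX for the shellcode itself.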


