Re: shellcode with standard characters

[KF <dotslash () snosoft com>]

JohnnyRun wrote:
> Hi!
> This is my first post and I'm looking for some documentation.
> A friend of mine has produced a segfault with malloc vulnerability on an
> application.
> We would like to produce something more interesting.
> The field overflowed can accept only characters between 0 and 128. Any
> other character is replaced with a whitespace.
>
> Can we inject shellcode with only this characters avaible?
> Can you suggest me documentation about shellcode writing?
>
> Thanks a lot
> JohnnyRun


You should play around with the ABO tutorials by gera of COREST.

For example
http://community.core-sdi.com/~gera/InsecureProgramming/abo9.html

http://twiki.org/cgi-bin/view/Sandbox/SolutionsToAbo9

I have no clue what language this is but it has solutions to the other 
ABO programs... for some people seeing the exploitation process helps 
them duplicate the scenario on their own box... so sorry if anyone 
thinks I spoiled the fun.

http://www.moon-soft.com/doc/readelite377385.htm

as for shellcode...

http://buffer.antifork.org/shellcode/buffer-i386-raptus.c
http://www.phrack.org/phrack/57/p57-0x0f
http://www.shellcode.com.ar/linux/lnx-alfanumeric.c

-KF