Vulnerability Development mailing list archives
Re: shellcode with standard characters
From: sin <sin () insolence net>
Date: Thu, 12 Jun 2003 17:42:50 -0500 (CDT)
Along the same ideas as what you are talking about is a Phrack article called 'Alphanumeric IA32 Shellcode' or similar; I think it's in issue 57.

Basically what you're looking for is instructions with opcodes that are within your prereqs, and operands to those instructions that are within it. I myself decided putting the non-alphanumeric shellcode on the stack using 'valid' instructions was the best bet, but I don't understand the ModR/M and SIB bytes well enough to fully understand the article, and thus wasn't able to create a way to jmp or call esp, not without using non-alphanumeric characters anyway.

The author's original idea is somewhat neat in that we can use je/jne/jo/etc. that use fixed offsets, so as I understood it we write our code where certain parts can be called a second time and not really affect things; i.e. the first time through, the code writes to itself and alters what will be executed the second time; the second time it actually executes it. But I could be way off base.

Anyway, yes, that's the only article I know of that covers this. You might look into the papers that described how they got around imapd's toupper(), and polymorphic/encrypted shellcode papers... If you find anything good, let me know.

j

On Thu, 12 Jun 2003, JohnnyRun wrote:
> Date: Thu, 12 Jun 2003 11:20:00 +0200
> From: JohnnyRun <gianni79 () gamebox net>
> To: vuln-dev () securityfocus com
> Subject: shellcode with standard characters
>
> Hi! This is my first post and I'm looking for some documentation.
> A friend of mine has produced a segfault with a malloc vulnerability on an application. We would like to produce something more interesting.
> The field overflowed can accept only characters between 0 and 128. Any other character is replaced with a whitespace.
> Can we inject shellcode with only these characters available?
> Can you suggest documentation about shellcode writing?
>
> Thanks a lot
> JohnnyRun