Vulnerability Development mailing list archives

Re: shellcode with standard characters

From: Jose Ronnick <matrix () phiral com>
Date: Thu, 12 Jun 2003 17:04:38 -0700

On Thu, 12 Jun 2003 11:20:00 +0200
JohnnyRun <gianni79 () gamebox net> wrote:

Hi!
This is my first post and I'm looking for some documentation.
A friend of mine has produced a segfault with malloc vulnerability on an
application.
We would like to produce something more interesting.
The field overflowed can accept only characters between 0 and 128. Any
other character is replaced with a whitespace.

Can we inject shellcode with only this characters avaible?
Can you suggest me documentation about shellcode writing?


Several months I wrote a tool called dissembler, which can convert an existing piece of shellcode into printable ASCII 
shellcode.. this should help you with your exploitation...

http://www.phiral.com/research/dissembler.html

Hope this helps..

-- 
%JOSE_RONNICK%50,:-dddd-0EEb-pVVyP\-1111-jjjj-yNNN-_4HUP-qq0q-02%r-_Z%JP-%Iwp-5kyyP-n5nn-aTTa-1271P-4ttt-/888-3tSMP-bbnb-L8wL-kMwgP-3Hy3-rqzWP-m%m8-h4x--v%r5P-S7S7-g7g7-F2u2PPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP

Attachment: _bin
Description:

Current thread:

shellcode with standard characters JohnnyRun (Jun 12)
- Re: shellcode with standard characters andrewg (Jun 12)
- Re: shellcode with standard characters KF (Jun 12)
- Re: shellcode with standard characters sin (Jun 12)
- Re: shellcode with standard characters Jose Ronnick (Jun 12)
- Re: shellcode with standard characters steve (Jun 12)