Vulnerability Development mailing list archives

Re: Shellcode from ASCII

From: "Berend-Jan Wever" <SkyLined () edup tudelft nl>
Date: Wed, 25 Jun 2003 18:47:44 +0200

Yeah, I am writing a shellcode encoder that does just that, first tests
proved it worked. The result will be twice as big as the origional shellcode
and a ~150 bytes decoder has to be added.
It's very beta atm. so I'm not sharing the code yet... I'll post something
when I'm done testing. Let me know if you're interested in working with me
on this.

Also there was an article in phrack about this:
http://www.phrack.org/show.php?p=57&a=15
It's a very usefull resource and includes source for a program that can
encode your shellcode too.

Berend-Jan Wever

----- Original Message ----- 
From: "martin rakhmanoff" <jimmers () yandex ru>
To: <vuln-dev () securityfocus com>
Sent: Wednesday, June 25, 2003 12:09
Subject: Shellcode from ASCII



Hello





Usually when coding exploits one needs to escape null bytes in shellcode.

To do this XOR is often used. My question is: is it possible to escape not

only null bytes but also non-ascii bytes?

In other words is it possible to have shellcode (for Windows 2000/XP/2003)

that consists of bytes with codes 0x21-0x7e?



Thanks

Martin

Current thread:

Shellcode from ASCII martin rakhmanoff (Jun 25)
- Re: Shellcode from ASCII Berend-Jan Wever (Jun 25)
  - Re: Shellcode from ASCII Jose Ronnick (Jun 26)
- GetPC code (was: Shellcode from ASCII) Gerardo Richarte (Jun 26)
  - Re: GetPC code (was: Shellcode from ASCII) Roland Postle (Jun 26)
    - Re: GetPC code (was: Shellcode from ASCII) Gerardo Richarte (Jun 26)
    - Re: GetPC code (was: Shellcode from ASCII) Roland Postle (Jun 26)
  - Re: GetPC code (was: Shellcode from ASCII) Berend-Jan Wever (Jun 27)
- Re: Shellcode from ASCII Gerardo Richarte (Jun 26)