Vulnerability Development mailing list archives
Re: creating a "cc" opcode from ASCII shell code
From: H D Moore <sflist () digitaloffense net>
Date: Fri, 22 Jun 2007 17:02:53 -0500
The alpha/unicode payloads in Metasploit require you to specify a register that points to the code, or, failing that, use a SEH-based GetPC stub.

Metasploit 3 now supports email delivery, check out the email version of the ANI exploit under:
http://preview.tinyurl.com/yobm88

This code demonstrates sending an email message via SMTP and has full support for MIME parts.

Finding alphanumeric return addresses is difficult. You can try searching for opcodes using memdump.exe/msfpescan or ollydbg/windbg, but it's still going to be painful. If you do decide to use Metasploit for the exploit, one thing you get "for free" is the ability to prepend "\xcc" before your decoded shellcode. Just add a 'Prepend' => "\xcc" into the Payload block of the module.

Good luck!

-HD

On Friday 22 June 2007 04:58, Aaron Adams wrote:
I tried using the Metasploit "shell code" generator and failed. Also - there is no means of delivery via Metasploit so I gave up on using it.