Re: Generating shellcode

From: Sergei Kostov (serjat_private)
Date: Mon May 20 2002 - 10:24:56 PDT


    
    In-Reply-To: <20020519180329.00001f3a.corecodeat_private>
    
    >Received: (qmail 834 invoked from network); 19 May 2002 17:35:37 -0000
    >Received: from outgoing3.securityfocus.com (HELO outgoing.securityfocus.com) (66.38.151.27)
    >  by mail.securityfocus.com with SMTP; 19 May 2002 17:35:37 -0000
    >Received: from lists.securityfocus.com (lists.securityfocus.com [66.38.151.19])
    >	by outgoing.securityfocus.com (Postfix) with QMQP
    >	id 497CEA30AD; Sun, 19 May 2002 11:31:41 -0600 (MDT)
    >Mailing-List: contact vuln-dev-helpat_private; run by ezmlm
    >Precedence: bulk
    >List-Id: <vuln-dev.list-id.securityfocus.com>
    >List-Post: <mailto:vuln-devat_private>
    >List-Help: <mailto:vuln-dev-helpat_private>
    >List-Unsubscribe: <mailto:vuln-dev-unsubscribeat_private>
    >List-Subscribe: <mailto:vuln-dev-subscribeat_private>
    >Delivered-To: mailing list vuln-devat_private
    >Delivered-To: moderator for vuln-devat_private
    >Received: (qmail 21163 invoked from network); 19 May 2002 16:01:07 -0000
    >Date: Sun, 19 May 2002 18:03:29 -0700
    >From: Simon 'corecode' Schubert <corecodeat_private>
    >To: "Ryn" <mattymlat_private>
    >Cc: vuln-devat_private
    >Subject: Re: Generating shellcode
    >Message-Id: <20020519180329.00001f3a.corecodeat_private>
    >In-Reply-To: <001101c1ff41$8ab1cdb0$0201a8c0@pooh>
    >References: <001101c1ff41$8ab1cdb0$0201a8c0@pooh>
    >X-Mailer: Sylpheed version 0.7.6claws4 Win32 (GTK+ 1.3.0; Win32)
    >Mime-Version: 1.0
    >Content-Type: text/plain; charset=US-ASCII
    >Content-Transfer-Encoding: 7bit
    >X-Sender: 320050403952-0001@t-dialin.net
    >
    >"Ryn" <mattymlat_private> wrote:
    >
    >> Howdy,
    >> 
    >> Do any documents exist explaining how to covert assembly op codes and
    >> operands to hex? I can use "gdb" or "dis" on Solaris to get:
    >> 
    >> bc 10 20 00        clr          %fp
    >> e0 03 a0 40        ld           [%sp + 64], %l0
    >> a2 03 a0 44        add          %sp, 68, %l1
    >> 9c 23 a0 20        sub          %sp, 32, %sp
    >> 80 90 00 01        orcc         %g0, %g1, %g0
    >> 
    >> I want to see how to get column 1 - 4 by hand.
    >
    >you write the assembler code (or c code) and compile it. after that use objdump to get the bytecode.
    >
    >cheerz
    >  corecode
    >
    
    And I do it this way:
    nasm sh.asm
    do sh
    
    As far as nasm does just a conversion to hex, sh is simple pure hex code (some call it shell code) without
    any header as gas does.
    
    do is a simple proggy which does
    printf("\\0%x",(unsigned char) c); for the symbols from the file.
    
    The confusing thing is that you have to convert from AT&T
    assembly style (gas, gdb etc.) to INTEL asm style (nasm).
    But that is no problem.
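The two questions in this thread, how the four bytes in Ryn's gdb/dis listing are built by hand and what a tiny byte-to-escape helper like Sergei's "do" does, can both be shown in one script. The following is an added example, not code posted by anyone in the thread: it encodes the SPARC V8 "format 3" instruction layout (op in bits 31-30, rd in 29-25, op3 in 24-19, rs1 in 18-14, the i bit in 13, then either rs2 or a 13-bit signed immediate) for just the five mnemonics that appear above, decodes a word back into its fields so the result can be checked against the listing, and prints the bytes as C-string escapes. The opcode table is assumed to cover only those mnemonics; anything else raises an error rather than guessing.

```python
import re
import struct

# Register names -> 5-bit register numbers (g0-g7 = 0-7, o0-o7 = 8-15,
# l0-l7 = 16-23, i0-i7 = 24-31).  %sp is an alias for %o6, %fp for %i6.
REGS = {}
for grp, base in (("g", 0), ("o", 8), ("l", 16), ("i", 24)):
    for n in range(8):
        REGS[f"{grp}{n}"] = base + n
REGS["sp"] = REGS["o6"]
REGS["fp"] = REGS["i6"]
REG_NAMES = {v: k for k, v in REGS.items()}  # 14 -> "sp", 30 -> "fp"

# (op, op3) pairs for the mnemonics that occur in the thread (assumed subset):
# op=2 is the arithmetic/logical class, op=3 the load/store class.
OPCODES = {"add": (2, 0x00), "or": (2, 0x02), "sub": (2, 0x04),
           "orcc": (2, 0x12), "ld": (3, 0x00)}
MNEMONIC = {v: k for k, v in OPCODES.items()}

def reg(name):
    """'%l0' -> 16; rejects anything that is not a known register."""
    name = name.strip()
    if not name.startswith("%") or name[1:] not in REGS:
        raise ValueError(f"expected register, got {name!r}")
    return REGS[name[1:]]

def fmt3(op, rd, op3, rs1, src2):
    """Assemble one format-3 word.  src2 is a register name (i=0) or a
    signed immediate that must fit in 13 bits (i=1)."""
    if isinstance(src2, str):
        i, low = 0, reg(src2)
    else:
        if not -4096 <= src2 < 4096:
            raise ValueError(f"immediate {src2} does not fit in simm13")
        i, low = 1, src2 & 0x1FFF
    return (op << 30) | (rd << 25) | (op3 << 19) | (rs1 << 14) | (i << 13) | low

def encode(text):
    """Assemble one instruction in the listing's syntax and return its four
    bytes.  SPARC is big-endian, which is why 'bc 10 20 00' reads left to
    right as the word 0xbc102000."""
    mnem, _, rest = text.strip().partition(" ")
    mnem = mnem.lower()
    if mnem == "clr":                       # clr rd  is  or %g0, 0, rd
        return encode(f"or %g0, 0, {rest.strip()}")
    if mnem == "ld":                        # ld [rs1 + imm], rd
        m = re.fullmatch(r"\s*\[\s*(%\w+)\s*\+\s*(-?\d+)\s*\]\s*,\s*(%\w+)\s*", rest)
        if not m:
            raise ValueError(f"cannot parse {text!r}")
        op, op3 = OPCODES["ld"]
        word = fmt3(op, reg(m.group(3)), op3, reg(m.group(1)), int(m.group(2)))
    else:                                   # mnem rs1, src2, rd
        if mnem not in OPCODES:
            raise ValueError(f"unsupported mnemonic {mnem!r}")
        rs1, src2, rd = (s.strip() for s in rest.split(","))
        op, op3 = OPCODES[mnem]
        src2_val = src2 if src2.startswith("%") else int(src2, 0)
        word = fmt3(op, reg(rd), op3, reg(rs1), src2_val)
    return struct.pack(">I", word)

def decode(word_bytes):
    """Split a 4-byte word back into its fields and render it as text, so
    a hand-encoded word can be checked against the gdb/dis output."""
    (w,) = struct.unpack(">I", word_bytes)
    op, rd, op3 = w >> 30, (w >> 25) & 0x1F, (w >> 19) & 0x3F
    rs1, i = (w >> 14) & 0x1F, (w >> 13) & 1
    if i:
        imm = w & 0x1FFF
        src2 = str(imm - 0x2000 if imm & 0x1000 else imm)   # sign-extend
    else:
        src2 = "%" + REG_NAMES[w & 0x1F]
    mnem = MNEMONIC[(op, op3)]
    if mnem == "ld":
        return f"ld [%{REG_NAMES[rs1]} + {src2}], %{REG_NAMES[rd]}"
    if mnem == "or" and rs1 == 0 and src2 == "0":
        return f"clr %{REG_NAMES[rd]}"
    return f"{mnem} %{REG_NAMES[rs1]}, {src2}, %{REG_NAMES[rd]}"

def to_c_escapes(blob):
    """The job of Sergei's 'do' helper: one \\xNN escape per byte, so the
    assembler's flat output can be pasted into a C string literal."""
    return "".join(f"\\x{b:02x}" for b in blob)

if __name__ == "__main__":
    # The five lines from Ryn's listing, as constructed sample input.
    listing = ["clr %fp", "ld [%sp + 64], %l0", "add %sp, 68, %l1",
               "sub %sp, 32, %sp", "orcc %g0, %g1, %g0"]
    for line in listing:
        code = encode(line)
        print(code.hex(" "), " ", decode(code).ljust(22), to_c_escapes(code))
```

Running the script prints each instruction's bytes, its decoded form and its escaped form on one line; the bytes match columns 1-4 of the listing in the thread. Note that the 13-bit immediate is sign-extended, so "sub %sp, 32, %sp" and an equivalent add of -32 both round-trip correctly, and an immediate outside the range is rejected rather than silently truncated.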
    



    This archive was generated by hypermail 2b30 : Mon May 20 2002 - 11:38:42 PDT