Hosting Provided By

Re: Shellcode questions

From: sin <sin(at)insolence.net>
Date: Thu Jun 05 2003 - 14:08:23 EDT

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

All 'shellcode' is, is the character string (traditionally) containing the hex opcodes for processor specific instructions; if you used gcc to create the assembly for your shellcode, then yes it could/would change if a newer version of gcc was used; or if a newer version of the kernel is there *AND* somewhere in there the system calls changed, regardless the instructions wouldnt change because the processor's are the same. You might want to skip gcc altogether and just use plain assembly, the methods you use to use system calls (i wont get into syscalls w/ >6 args), is that you put the system call number into the eax register, then the first arg into ebx, 2nd into ecx, and so on; then call int 80, your return value will be in eax;

xorl %ebx, %ebx
xorl %ecx, %ecx
movb $0x46, %eax
int $0x80

that is the code for a setreuid system call, then all you need to do is call execve.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (FreeBSD)

iD8DBQE+34cZoEcehqzkkpgRAmaaAJ9xCw9HxLQdmBNVTUDxVSDWEYBFBQCeJJKx L1BQH0cm1gGE6XbQjmzgSTw=
=s5XV
-----END PGP SIGNATURE-----
Received on Thu Jun 5 14:24:17 2003

This message: [ Message body ]
Next message: xenophi1e: "Re: New Secuity Vulnerabilities"
Previous message: Vade 79: "man[v1.5l]: format string exploit / POC."
In reply to: Discussion Lists: "Shellcode questions"
In reply to Maurizio Marini: "Re: Web single sign-on"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:40 EDT