
Re: GetPC code (was: Shellcode from ASCII)

From: Gerardo Richarte <gera(at)corest.com>
Date: Mon Jun 30 2003 - 10:11:50 EDT

Berend-Jan Wever wrote:

> > PS: Of course, as halvar told me when I threw these questions at

   Well... nop slides are not a problem: if you have some approximation of where in memory the shellcode may be, you can always scan for it and get the right address where it starts, but if you don't know where it is, you may make the process crash while scanning for the shellcode in memory... You could also change nops for inc %eax (or any other register), and then, if you knew the initial value of eax, you would know how many "nops" were executed before the first byte of the shellcode :-)

    On the other hand, there ARE some exploits where you don't know the address of the shellcode, mainly because the vulnerable program is putting it in the right place for you (wu-ftp's ~{, System V login's, and some ssh I remember could be done like this). In those cases you probably can't know the address of your shellcode... but still, there may be some other means of getting it (and not just mov %eip, %eax).

> PS. hi gera, halvar ;)

    :-)

    gera

Received on Mon Jun 30 20:26:00 2003
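The nop-slide substitution gera mentions (inc %eax in place of nop) matters on the detection side as well: a sled detector that only looks for 0x90 runs misses it. The scanner below is an added example, not code from this thread; it flags runs of either plain nops or the single-byte 32-bit inc/dec register opcodes (0x40-0x4f) in a constructed sample buffer, and uses a minimum run length because uppercase ASCII '@'..'O' shares that byte range.

```python
# Added example (not from the original thread): a small scanner that flags
# "nop slide" runs in a byte buffer. Besides 0x90 (nop) it also counts runs of
# the one-byte inc/dec reg32 opcodes (0x40-0x4f), so a sled built from
# "inc %eax" (0x40) as proposed in the mail above is still reported.
from typing import List, Tuple

NOP = 0x90
# inc eax..edi are 0x40-0x47, dec eax..edi are 0x48-0x4f (32-bit encoding).
# Note the overlap with ASCII '@', 'A'..'O': short runs are normal in text,
# which is why a minimum run length is required before reporting.
INC_DEC_REG = set(range(0x40, 0x50))


def _slide_byte(b: int) -> bool:
    return b == NOP or b in INC_DEC_REG


def find_slides(buf: bytes, min_len: int = 16) -> List[Tuple[int, int, str]]:
    """Return (offset, length, kind) for each run of >= min_len slide bytes.

    kind is 'nop' for a pure 0x90 run and 'inc' for a run containing any
    inc/dec opcode bytes.
    """
    runs: List[Tuple[int, int, str]] = []
    i, n = 0, len(buf)
    while i < n:
        if not _slide_byte(buf[i]):
            i += 1
            continue
        start = i
        while i < n and _slide_byte(buf[i]):
            i += 1
        length = i - start
        if length >= min_len:
            kind = "nop" if all(b == NOP for b in buf[start:i]) else "inc"
            runs.append((start, length, kind))
    return runs


# Constructed sample: a request line (its leading "GE" is a 2-byte run in the
# inc/dec range and is ignored), a classic 0x90 sled, some filler, then an
# "inc %eax" sled followed by an int3 byte.
SAMPLE = b"GET /index.html\r\n" + b"\x90" * 32 + b"x" * 5 + b"\x40" * 24 + b"\xcc"

if __name__ == "__main__":
    for off, ln, kind in find_slides(SAMPLE):
        print(f"slide at offset {off}: {ln} bytes ({kind})")
```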


This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:40 EDT

