Dailydave mailing list archives

Re: Shellcode


From: <halvar () gmx de>
Date: Wed, 30 Nov 2005 02:17:58 -0800

On a related note:

Why do we care about small bindshells any more? It's not 2001/2002 (or earlier)
any more, and "read/exec" stubs would make a lot more sense. Everyone
does (or should do) extra code injection (or similarly complex things) with full encryption etc.

So why do we talk about smaller shellcodes for Win/Linux in general? We need read/exec
primitives and that's about it.

Something else to consider: if given code execution on an embedded device, how can we reliably locate certain functions in the embedded system's image (which we want to use) in a good manner? We do not have an "export table" structure, so our best bet is implementing either some sort of hashing over the code section that finds
our stuff or a small disassembler. Now here's a fun game:

1) For each architecture in {x86, MIPS, PPC, ARM} do:
2) Write the smallest possible "disassembly engine" that, given an address, retrieves the end of the basic block this address belongs to and the address of the basic
   block this address jumps to.

Then we'd have something useful to play with.

Cheers,
Halvar
