Vulnerability Development mailing list archives
Re: os/2 shellcode?
From: Michael Wojcik <Michael.Wojcik () MERANT COM>
Date: Mon, 28 Aug 2000 12:46:20 -0700
From: Bluefish (P.Magnusson) [mailto:11a () GMX NET]
Sent: Monday, August 28, 2000 10:37 AM

IMHO doing something like: http://www.hack.co.za/shellcode/linux-x86/execve_binsh.c and making something similar for OS/2 shouldn't prove very hard to do if we knew how to execute a file. C:\COMMAND.COM exists under OS/2 as well I believe, but it has been a long time since I used OS/2 so I may be wrong. If it exists and reads from stdin, I'd say we're about done :)

You'd probably want to execute CMD.EXE, not COMMAND.COM; COMMAND.COM under OS/2 is the DOS-box command interpreter.

It's been a long time since I did any low-level OS/2 programming either, and I've never paid much attention to shellcode construction, but my guess is that it would not be difficult to build some for OS/2. Besides the ordinary techniques, OS/2 (especially later releases) is full of weird hooks to get things like Win-OS/2 and DIVE working. And OS/2 was designed as a single-user, physically-secured system; it doesn't have any sort of security architecture in place by default. (There were some IBM security add-ons, and probably third-party as well.)

Oh, and Java shipped with Merlin, and I doubt those JVMs have been rigorously updated, so the early JVM security holes may work.

Unfortunately my OS/2 internals books (actually a co-worker's; I didn't have to do much envelope-pushing) are long gone. It shouldn't be hard to find some at a large used-books outlet, though.

Michael Wojcik             michael.wojcik () merant com
MERANT
Department of English, Miami University