Vulnerability Development mailing list archives
Re: multi-OS infections (Multi OS shellcode)
From: corecode <corecode () corecode ath cx>
Date: Wed, 25 Jul 2001 12:48:38 +0000
multi os/multi arch shellcode is just one way (a nice one, though) another way for a multi os/multi arch worm would be:- containing code for each os (or having the possibility to get the needed code via network connections etc)
- fingerprinting the target system (udp, icmp, tcp) - injecting the right codein combination with c sourcecode (almost every unix has a "cc") and/or shellcode, perl a versatile worm can be created.
further reading at: http://lcamtuf.na.export.pl/worm.txt(as it's slow you might to try google's cache: http://www.google.com/search?q=cache:lcamtuf.na.export.pl/worm.txt )
cheerz corecode At 07:27 PM 7/24/2001, Riley Hassell wrote:
With all the talk on multi OS shellcode and the possibility of cross-platform worm infections I'd like to share a little research I've been doing. -Riley #2 ;) [ Multi OS Shellcode on common architecture ] Multi OS shellcode is very possible, I don't want to write the manual here but here's a couple of quick ideas for everyone to ponder...
<snip>
[ Multi OS Shellcode on unique architecture ] Writing shellcode to work across architectures is more difficult, and very time consuming. Theoretically to develop Multi-OS/Multi-Arch shellcode, one needs a "sampling engine" or a logical path that code can travel down and be directed by it's CPU to the correct payload.
Current thread:
- RE: A code red that could bring down the net?, (continued)
- RE: A code red that could bring down the net? Jason Lewis (Jul 23)
- Win32.Sircam.Worm Alert..... EPiC (Jul 23)
- Re: Win32.Sircam.Worm Alert..... H D Moore (Jul 24)
- Re: Win32.Sircam.Worm Alert..... Martin Lindquist (Jul 24)
- Re: Win32.Sircam.Worm Alert..... horape (Jul 25)
- Re: Win32.Sircam.Worm Alert..... Pete Sherwood (Jul 25)
- Re: Win32.Sircam.Worm Alert..... Miguel Angel Rodriguez Jodar (Jul 25)
- multi-OS infections (was Re: A code red that could bring down the net? Meritt James (Jul 23)
- Re: multi-OS infections (Multi OS shellcode) Riley Hassell (Jul 24)
- Re: multi-OS infections (Multi OS shellcode) Damir Rajnovic (Jul 25)
- Re: multi-OS infections (Multi OS shellcode) corecode (Jul 25)
- RE: A code red that could bring down the net? Dom De Vitto (Jul 23)
- Re: A code red that could bring down the net? Birger Toedtmann (Jul 23)
- Re: A code red that could bring down the net? Michael Tench (Jul 23)
- Re: A code red that could bring down the net? Felix Harris (Jul 24)
- Re: A code red that could bring down the net? David R. Conrad (Jul 25)
- Re: A code red that could bring down the net? Lynn Crumbling (Jul 25)
- Re: A code red that could bring down the net? Sven van ´t Veer (Jul 26)
- Re: A code red that could bring down the net? security curmudgeon (Jul 26)
- Re: A code red that could bring down the net? Ian Stoba (Jul 25)
- Re: A code red that could bring down the net? Michael Tench (Jul 26)