Vulnerability Development mailing list archives

Re: multi-OS infections (Multi OS shellcode)


From: corecode <corecode () corecode ath cx>
Date: Wed, 25 Jul 2001 12:48:38 +0000

multi os/multi arch shellcode is just one way (a nice one, though)

another way for a multi os/multi arch worm would be:
- containing code for each os (or having the possibility to get the needed code via network connections etc)
- fingerprinting the target system (udp, icmp, tcp)
- injecting the right code

in combination with c source code (almost every unix has a "cc") and/or shellcode, perl, a versatile worm can be created.

further reading at:
http://lcamtuf.na.export.pl/worm.txt
(as it's slow you might want to try google's cache: http://www.google.com/search?q=cache:lcamtuf.na.export.pl/worm.txt )

cheerz
  corecode

At 07:27 PM 7/24/2001, Riley Hassell wrote:

With all the talk on multi OS shellcode and the possibility of
cross-platform worm infections I'd like to share a little research I've been
doing.

-Riley #2 ;)


[     Multi OS Shellcode on common architecture    ]

Multi OS shellcode is very possible, I don't want to write the manual here
but here's a couple of quick ideas for everyone to ponder...

<snip>

[     Multi OS Shellcode on unique architecture    ]

Writing shellcode to work across architectures is more difficult, and very
time consuming.  Theoretically to develop Multi-OS/Multi-Arch shellcode, one
needs a "sampling engine" or a logical path that code can travel down and be
directed by its CPU to the correct payload.

