Vulnerability Development mailing list archives
Re: shellcode with standard characters
From: KF <dotslash () snosoft com>
Date: Thu, 12 Jun 2003 16:07:16 -0700
JohnnyRun wrote:
Hi! This is my first post and I'm looking for some documentation. A friend of mine has produced a segfault with malloc vulnerability on an application. We would like to produce something more interesting. The field overflowed can accept only characters between 0 and 128. Any other character is replaced with a whitespace. Can we inject shellcode with only this characters avaible? Can you suggest me documentation about shellcode writing? Thanks a lot JohnnyRun
You should play around with the ABO tutorials by gera of COREST. For example http://community.core-sdi.com/~gera/InsecureProgramming/abo9.html http://twiki.org/cgi-bin/view/Sandbox/SolutionsToAbo9I have no clue what language this is but it has solutions to the other ABO programs... for some people seeing the exploitation process helps them duplicate the scenario on their own box... so sorry if anyone thinks I spoiled the fun.
http://www.moon-soft.com/doc/readelite377385.htm as for shellcode... http://buffer.antifork.org/shellcode/buffer-i386-raptus.c http://www.phrack.org/phrack/57/p57-0x0f http://www.shellcode.com.ar/linux/lnx-alfanumeric.c -KF
Current thread:
- shellcode with standard characters JohnnyRun (Jun 12)
- Re: shellcode with standard characters andrewg (Jun 12)
- Re: shellcode with standard characters KF (Jun 12)
- Re: shellcode with standard characters sin (Jun 12)
- Re: shellcode with standard characters Jose Ronnick (Jun 12)
- Re: shellcode with standard characters steve (Jun 12)