[REVS] Designing Shellcode Demystified

From: support@securiteam.com
Date: 10/17/02 

From: support@securiteam.com
To: list@securiteam.com
Date: 17 Oct 2002 00:14:26 +0200

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -

  Designing Shellcode Demystified
------------------------------------------------------------------------

SUMMARY

The following article will try to explain what Shellcodes are, what types
of shellcode exists, and how to create one.

DETAILS

Introduction:
In our previous paper,
<http://www.securiteam.com/securityreviews/6F00B205PU.html> Buffer
Overflows Demystified, we told you that there will be more papers on these
subjects. We kept our promise. Here is the second paper from the same
series. The paper is about the fundamentals of shellcode design and
totally Linux 2.2 on IA-32 specific. The base principles apply to all
architectures, whereas the details might obviously not.

To understand what's going on, some C and assembly knowledge is required.
Virtual Memory, some Operating Systems essentials, like, for example, how
a process is laid out in memory will be helpful. You MUST know what a
setuid binary is, and of course you need to be able to -at least- use UNIX
systems. If you have an experience with gdb/cc, this will be an added
bonus in helping you get on your way. Keep "IA-32 Intel® Architecture
Software Developer's Manual Volume 1: Basic Architecture" at hand. You can
get it from:
<ftp://download.intel.com/design/Pentium4/manuals/24547008.pdf>
ftp://download.intel.com/design/Pentium4/manuals/24547008.pdf

ADDITIONAL INFORMATION

The complete article can be downloaded from:
 <http://www.enderunix.org/docs/en/sc-en.txt>
http://www.enderunix.org/docs/en/sc-en.txt

The information has been provided by <mailto:murat@enderunix.org> Murat
Balaban.

========================================

This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

Relevant Pages