Re: pen testing & obfuscated shell code (more neat stuff)

From: Angelo Dell'Aera (buffer_at_antifork.org)
Date: 02/17/04

  • Next message: Chris.McNab_at_trustmatta.com: "Re: Remoxec (Windows)"
    Date: Tue, 17 Feb 2004 15:53:51 +0100
    To: Karsten Johansson <ksaj@penetrationtest.com>

    On 16 Feb 2004 17:52:45 -0000
    Karsten Johansson <ksaj@penetrationtest.com> wrote:

    >In-Reply-To: <002d01c3f358$6339a660$6401a8c0@harrypotter>

    >Since the people that use NOP sleds don't really care about the
    >registers and what's on the stack, then there are probably a lot more
    >useful NOP sled opcodes available - as long as they don't generate
    >errors.

    I don't like talking about myself too much, but I just want to point
    out work I did two years ago to show how to defeat an IDS at
    "shellcode catching". On that occasion, I wrote two completely
    alphanumeric codes, which you may find on my homepage (reported
    below), named buffer-i386-raptus.c and buffer-i386-delirium.c. In
    particular, the latter is an alphanumeric asm code which builds a
    shellcode and then executes it. Using these codes, you can use
    whatever padding you want, since they make no assumptions about the
    registers' contents and thus always set them properly. This is
    obviously true even if you generate an alphanumeric shellcode using,
    e.g., Rix's ASC starting from the classic "I-make-no-assumptions"
    shellcode.

    Regards.

    --
    Angelo Dell'Aera 'buffer'
    Antifork Research, Inc.    http://buffer.antifork.org
    PGP information in e-mail header
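The point made above, that padding need not be 0x90 bytes and that an IDS rule keyed on runs of 0x90 therefore misses alphanumeric filler, is something a detection engineer can check directly. The following is an added example, not code from the original post or from the author's homepage; the SLED_BYTES set and the sample buffers are constructed assumptions for illustration.

```python
"""Heuristic detector for x86 NOP-sled padding that is not limited to 0x90.

Added example (not from the original post); sample buffers are constructed.
"""
from typing import Optional, Tuple

# Single-byte x86 opcodes that are commonly usable as sled filler because a
# sequence of them executes without faulting and without diverting control:
# 0x90 NOP, 0x40-0x4F inc/dec r32, 0x50-0x5F push/pop r32. The alphanumeric
# characters 'A'-'O' (0x41-0x4F) and 'P'-'Z' (0x50-0x5A) fall inside these
# ranges. Illustrative set only: a real sled can use many other instructions.
SLED_BYTES = frozenset({0x90} | set(range(0x40, 0x60)))


def longest_run(data: bytes, filler: frozenset = SLED_BYTES) -> Tuple[int, int]:
    """Return (offset, length) of the longest run of filler bytes in data."""
    best_off, best_len = 0, 0
    cur_off, cur_len = 0, 0
    for i, b in enumerate(data):
        if b in filler:
            if cur_len == 0:
                cur_off = i
            cur_len += 1
            if cur_len > best_len:
                best_off, best_len = cur_off, cur_len
        else:
            cur_len = 0
    return best_off, best_len


def classify(data: bytes, threshold: int = 32) -> Optional[str]:
    """'classic-sled' for a long run of pure 0x90, 'generic-sled' for a long
    run of other filler opcodes, None if no run reaches the threshold."""
    off, n = longest_run(data)
    if n < threshold:
        return None
    run = data[off:off + n]
    return "classic-sled" if set(run) == {0x90} else "generic-sled"


# Constructed samples (not captured traffic):
CLASSIC = b"\x90" * 64 + b"\xcc" * 8              # caught by a naive 0x90 rule
ALNUM = b"AAAABBBBCCCCDDDD" * 4 + b"\xcc" * 8     # 'A'..'D' = inc eax..inc ebx
TEXT = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n"  # benign request
UPPER = b"ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJ"   # benign but all-uppercase

if __name__ == "__main__":
    for name, buf in (("CLASSIC", CLASSIC), ("ALNUM", ALNUM),
                      ("TEXT", TEXT), ("UPPER", UPPER)):
        print(name, classify(buf))
```

The UPPER sample shows the trade-off: widening the filler set beyond 0x90 catches the alphanumeric sled but also flags long uppercase-only strings, so a threshold alone is not enough and the heuristic needs protocol context to stay useful.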