Re: multi-OS infections (Multi OS shellcode)

From: corecode (corecode@corecode.ath.cx)
Date: 07/25/01 

Message-Id: <5.1.0.14.2.20010725123827.00a91d98@spirit>
Date: Wed, 25 Jul 2001 12:48:38 +0000
To: "Riley Hassell" <root@cyphernaut.net>, <vuln-dev@securityfocus.com>, <SECURITY-BASICS@securityfocus.com>
From: corecode <corecode@corecode.ath.cx>
Subject: Re: multi-OS infections (Multi OS shellcode)

multi os/multi arch shellcode is just one way (a nice one, though)

another way for a multi os/multi arch worm would be:
- containing code for each os (or having the possibility to get the needed
code via network connections etc)
- fingerprinting the target system (udp, icmp, tcp)
- injecting the right code

in combination with c sourcecode (almost every unix has a "cc") and/or
shellcode, perl a versatile worm can be created.

further reading at:
http://lcamtuf.na.export.pl/worm.txt
(as it's slow you might to try google's cache:
http://www.google.com/search?q=cache:lcamtuf.na.export.pl/worm.txt )

cheerz
   corecode

At 07:27 PM 7/24/2001, Riley Hassell wrote:

>With all the talk on multi OS shellcode and the possibility of
>cross-platform worm infections I'd like to share a little research I've been
>doing.
>
>-Riley #2 ;)
>
>
>[ Multi OS Shellcode on common architecture ]
>
>Multi OS shellcode is very possible, I don't want to write the manual here
>but here's a couple of quick ideas for everyone to ponder...

<snip>

>[ Multi OS Shellcode on unique architecture ]
>
>Writing shellcode to work across architectures is more difficult, and very
>time consuming. Theoretically to develop Multi-OS/Multi-Arch shellcode, one
>needs a "sampling engine" or a logical path that code can travel down and be
>directed by it's CPU to the correct payload.

Relevant Pages