Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Full Disclosure: Re: PPC OSX Shellcode ASM

Re: PPC OSX Shellcode ASM

From: KF <dotslash_at_snosoft.com>
Date: Tue, 02 Sep 2003 10:51:31 -0400

Nice paper... even though you reference Ghandi at the bottom you may
wanna give specific credit to him for your null free technique...

        ;; Use the magic offset constant 268 because it makes the
        ;; instruction encodings null-byte free.
        addi r31, r31, 268+36
        addi r3, r31, -268 ; r3 = path

http://www.dopesquad.net/security/shellcode/ppc/execve_binsh.s

And If I remember correctly that army.mil webserver is a m68k not ppc...
-KF

> llo there,
> Please find attached my paper
> on designing shellcodes on the PowerPc architecture.
>
> The paper outlines PowerPC architecture fundementals,
> and methods of deriving working shellcodes for the
> exploitation of vulnerabilities discovered on the OSX
> and Darwin Operating Systems.
>
> Very sorry if this considered OFF TOPIC please excuse.
>
> Kind Regards
>
> B-r00t.
>
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Received on Sep 01 2003

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]