Full Disclosure: Re: PPC OSX Shellcode ASM

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Full Disclosure mailing list archives

Re: PPC OSX Shellcode ASM

From: KF <dotslash () snosoft com>
Date: Tue, 02 Sep 2003 10:51:31 -0400

Nice paper... even though you reference Ghandi at the bottom you maywanna give specific credit to him for your null free technique...


        ;; Use the magic offset constant 268 because it makes the
       ;; instruction encodings null-byte free.
        addi    r31, r31, 268+36
        addi    r3, r31, -268   ; r3 = path


http://www.dopesquad.net/security/shellcode/ppc/execve_binsh.s

And If I remember correctly that army.mil webserver is a m68k not ppc...
-KF

llo there,
                Please find attached my paper
on designing shellcodes on the PowerPc architecture.

The paper outlines PowerPC architecture fundementals,
and methods of deriving working shellcodes for the
exploitation of vulnerabilities discovered on the OSX
and Darwin Operating Systems.

Very sorry if this considered OFF TOPIC please excuse.

Kind Regards

        B-r00t.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

By Date By Thread

Current thread:

PPC OSX Shellcode ASM B-r00t (Sep 01)
- Re: PPC OSX Shellcode ASM KF (Sep 01)
- Re: PPC OSX Shellcode ASM Andrew Pinski (Sep 01)