
Penetration Testing mailing list archives

Re: pen testing & obfuscated shell code
From: Dragos Ruiu <dr () kyx net>
Date: Wed, 11 Feb 2004 19:56:15 -0800

On February 10, 2004 05:24 am, Don Parker wrote:
Hello Marius, indeed the trick is in using a 1 byte function, but also in
making sure that it does not affect the egg itself. That is the real trick.
There is no shortage of 1 byte functions for use, problem is to make it
still work after. It is simple to just use an ASCII character as well, but
that is a different story as well. Thanks for your reply :-)

List of NOP equivalents: http://dragos.com/noplist-v1-1.txt

Not all the world's an x86. Other arches use lengths other than one.

In some cases/exploits you can use multibyte NOP sleds.
Also see K2's ADMmutate....

cheers,
--dr

(I should really add PPC one of these days... info donations welcome :-)

-- 
Top security experts.  Cutting edge tools, techniques and information.
Vancouver, Canada       April 21-23 2004  http://cansecwest.com
pgpkey http://dragos.com/ kyxpgp
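
A defender's view of the point made in this thread, as an added example that is not part of the original post: a signature that only looks for runs of 0x90 misses a sled built from NOP-equivalent single-byte instructions, while a run-length check over a wider opcode set catches it. The opcode set below is a partial list assumed for illustration (it is not taken from noplist-v1-1.txt), and the function names, threshold and sample buffers are constructed.

```python
"""Added example: run-length detector for x86 NOP-equivalent sleds."""

CLASSIC = frozenset([0x90])  # what a naive "\x90\x90\x90..." signature matches

# Partial, assumed set of single-byte IA-32 (32-bit mode) opcodes that touch
# no memory. It was not taken from noplist-v1-1.txt.
NOP_LIKE = frozenset(
    [0x90]                              # nop
    + list(range(0x40, 0x50))           # inc/dec r32 (also ASCII '@'..'O')
    + list(range(0x91, 0x98))           # xchg eax, r32
    + [0x27, 0x2F, 0x37, 0x3F]          # daa, das, aaa, aas
    + [0x98, 0x99, 0x9B, 0x9E, 0x9F]    # cwde, cdq, fwait, sahf, lahf
    + [0xF5, 0xF8, 0xF9, 0xFC, 0xFD]    # cmc, clc, stc, cld, std
)

def longest_run(data, opcodes):
    """Return (offset, length) of the longest run of bytes drawn from opcodes."""
    best, start = (0, 0), None
    for i, b in enumerate(data):
        if b not in opcodes:
            start = None
            continue
        if start is None:
            start = i
        if i - start + 1 > best[1]:
            best = (start, i - start + 1)
    return best

def scan(data, threshold=32):
    """Compare a 0x90-only signature with the wider opcode set on one buffer."""
    _, classic_len = longest_run(data, CLASSIC)
    offset, wide_len = longest_run(data, NOP_LIKE)
    return {
        "classic_hit": classic_len >= threshold,
        "wide_hit": wide_len >= threshold,
        "wide_offset": offset,
        "wide_len": wide_len,
    }

# Constructed samples: 16 zero bytes, a 64-byte mixed sled, 8 placeholder bytes.
SLED_SAMPLE = bytes(16) + bytes([0x41, 0x49, 0x90, 0xF8, 0x99, 0x42, 0x4A, 0xFC]) * 8 + b"\xCC" * 8
HTTP_SAMPLE = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
UPPER_SAMPLE = b"A" * 40  # benign uppercase ASCII, also matches inc ecx

if __name__ == "__main__":
    for name, buf in [("sled", SLED_SAMPLE), ("http", HTTP_SAMPLE), ("upper", UPPER_SAMPLE)]:
        print(name, scan(buf))
```

The uppercase sample shows the cost of the wider set: bytes 0x40 to 0x4F are also printable ASCII, so the threshold and the protocol context decide how noisy this check is.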
