Home page logo
/

pen-test logo Penetration Testing mailing list archives

RE: Analyzing Shellcode
From: "Paul Melson" <pmelson () gmail com>
Date: Mon, 9 Nov 2009 14:31:38 -0500

i am trying to analyze the shellcode used in this exploit:
http://www.milw0rm.com/exploits/7477

If i echo the unescaped shellcode i only get wierd chinese (i think)
letters.

What's the right way to analyze what kind of shellcode is beeing used and
what command > is beeing executed by it.

You picked quite the example there.  You can echo the unescaped code and
you'll get UTF-16 characters.  You can use iconv to convert to UTF-8 and
then \x it up, compile it in a mock-up executable, then debug it to get at
the assembly.

But you'll see in the comments above the JavaScript unescape call that the
payload was generated with Metasploit using the shikata_ga_nai encoder,
which encodes the original exploit as polymorphic shellcode using XOR.
That's going to be an exercise on its own.

PaulM



------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]