Vulnerability Development: RE: AlphaNumeric Exploitation Help

RE: AlphaNumeric Exploitation Help

From: Stejerean, Cosmin <cstejere_at_cs.depaul.edu>
Date: Thu, 26 May 2005 12:47:04 -0500

Here are some ideas that I have read about but never tested, although they
might be worth exploring.

If you know the offset of your jmp instruction you might be able to get away
with adding or subtracting from it to get the value you need.

You can also try an ASCII shellcode encoder such as the one at
http://www.nologin.net/main.pl?action=codeView&codeId=40&

Let me know if any of the above work for you.

Cosmin
-----Original Message-----
From: ramatkal_at_hotmail.com [mailto:ramatkal_at_hotmail.com]
Sent: Thursday, May 26, 2005 6:38 AM
To: vuln-dev_at_securityfocus.com
Subject: AlphaNumeric Exploitation Help

I am trying to exploit a vulnerable server which only allows
alphanumeric characters....

I have successfully taken control of EIP and now need to do a JUMP -600
bytes.....

The problem is that 'eb' and 'e9' are not alphanumeric ASCII codes and
thus cannot be used to do the jumps in the payload....

Anyone got any ideas/tricks/advice on how I can accomplish a JMP -600 bytes,
or any type of jump for that matter, only using alphanumeric chars?

Thanks,
RaMatkal

Received on May 26 2005