Vulnerability Development: Re: AlphaNumeric Exploitation Help

From: <6d79676d61696c6163636f756e74_at_gmail.com>
Date: 26 May 2005 20:16:28 -0000
In-Reply-To: <20050526113825.537.qmail_at_www.securityfocus.com>

read this:
http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027147.html
=======================
#include <stdio.h>

/* ENC2ALNUM_COPYRIGHT is a string macro defined elsewhere in the tool's
 * sources; only this usage-message function was quoted in the post. */
void Encode2AlnumUsage()
{
        fprintf(stderr, ENC2ALNUM_COPYRIGHT);
        fprintf(stderr, "ERROR in Encode2Alnum (invalid input_reg)\n\n");
        fprintf(stderr, "input_reg must be one of the following:\n");
        fprintf(stderr, " reg = the register points to the shellcode\n");
        fprintf(stderr, "\tSupported registers are eax, ebx, ecx, edx, esi, edi, ebp, esp\n");
        fprintf(stderr, " [reg] = reg points to a pointer to the shellcode\n");
        fprintf(stderr, "\tSupported registers are the same as above\n");
        fprintf(stderr, " reg+X\n");
        fprintf(stderr, " reg-x\n");
        fprintf(stderr, " [reg+X]\n");
        fprintf(stderr, " [reg-x]\n\n\n");
        fprintf(stderr, "\tenc2alnum [eax]\n");
        fprintf(stderr, "Example - Assumes ecx-8 is the shellcode address:\n");
        fprintf(stderr, "\tenc2alnum ecx-8\n");
}
================

>Date: 26 May 2005 11:38:25 -0000
>Message-ID: <20050526113825.537.qmail_at_www.securityfocus.com>
>From: <ramatkal_at_hotmail.com>
>To: vuln-dev_at_securityfocus.com
>Subject: AlphaNumeric Exploitation Help
>
>I am trying to exploit a vulnerable server which only allows
>alphanumeric characters....
>
>I have successfully taken control of EIP and now need to do a JUMP -600
>bytes.....
>
>The problem is that 'eb' and 'e9' are not alphanumeric ASCII codes and
>thus cannot be used to do the jumps in the payload....
>
>Anyone got any ideas/tricks/advice on how I can accomplish a JMP -600 bytes, or any type of jump for that matter, only using alphanumeric chars?
>
>Thanks,
>RaMatkal
>
Received on May 26 2005
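Added example (mine; not part of the reply above and not code from the enc2alnum tool it links): a plain C model of why the JMP -600 asked about cannot be written directly from alphanumeric bytes, and of the workaround that alphanumeric encoders rely on. The short jump EB and the near jump E9 are both outside [0-9A-Za-z]; the only jump opcodes inside that range are the conditional short jumps 0x70..0x7A ('p'..'z'), and their one-byte displacement has to be alphanumeric as well, so the only jump you can emit directly is a forward hop of 0x30..0x7A bytes. A 600-byte backward jump therefore has to be reconstructed in memory at run time by a decoder stub that is itself built from alphanumeric instructions, which is why the linked encoder wants a register (or reg+X / [reg]) that points at the shellcode. The model below encodes every raw byte as a pair of alphanumeric bytes and rebuilds it as (a * 0x30) xor b; that scheme is an assumption chosen for illustration because 0x30 ('0') is an alphanumeric immediate and the product's high nibble, (3*a) mod 16, can be steered to any value. It is not a claim about the linked tool's exact format, and the stub's own instruction bytes are not modelled; only the data encoding and the decoder arithmetic are, so the code runs on any host.

```c
/* Added example: not from the post above and not the enc2alnum tool.
 * Models why "JMP -600" cannot be emitted from alphanumeric bytes and how a
 * decoder stub can rebuild it at run time.  The pair arithmetic
 * byte = (a * 0x30) ^ b is an assumed illustrative scheme. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* 1 if b survives an alphanumeric-only input filter ([0-9A-Za-z]). */
static int is_alnum_byte(uint8_t b)
{
    return (b >= '0' && b <= '9') || (b >= 'A' && b <= 'Z') ||
           (b >= 'a' && b <= 'z');
}

/* JMP rel32 is E9 followed by a little-endian 32-bit displacement measured
 * from the end of the 5-byte instruction. */
static void jmp_rel32(int32_t disp, uint8_t out[5])
{
    uint32_t d = (uint32_t)disp;
    out[0] = 0xE9;
    for (int i = 0; i < 4; i++)
        out[1 + i] = (uint8_t)(d >> (8 * i));
}

static size_t count_non_alnum(const uint8_t *p, size_t n)
{
    size_t bad = 0;
    for (size_t i = 0; i < n; i++)
        if (!is_alnum_byte(p[i]))
            bad++;
    return bad;
}

/* Bytes of "JMP disp" an alphanumeric filter would reject.  The E9 opcode
 * alone guarantees at least one, whatever the displacement. */
static size_t raw_jmp_non_alnum(int32_t disp)
{
    uint8_t raw[5];
    jmp_rel32(disp, raw);
    return count_non_alnum(raw, 5);
}

/* Only Jcc rel8 (opcodes 0x70..0x7A, 'p'..'z') are alphanumeric as-is, and
 * the displacement byte must be alphanumeric too: a forward hop of
 * 0x30..0x7A bytes.  A backward jump needs the sign bit set, never alnum. */
static int direct_jcc_possible(int disp)
{
    return disp >= 0 && disp <= 0xFF && is_alnum_byte((uint8_t)disp);
}

/* Decoder arithmetic modelled here (assumption, not the linked tool's
 * format): (a*0x30)&0xFF has a zero low nibble and high nibble (3*a) mod 16,
 * so with b supplying the low nibble every value 0x00..0xFF is reachable. */
static uint8_t decode_pair(uint8_t a, uint8_t b)
{
    return (uint8_t)((uint8_t)(a * 0x30) ^ b);
}

/* Brute-force an alphanumeric pair (a, b) for one raw byte; 1 on success. */
static int encode_byte(uint8_t target, uint8_t *a, uint8_t *b)
{
    for (int x = 0; x < 256; x++) {
        if (!is_alnum_byte((uint8_t)x))
            continue;
        for (int y = 0; y < 256; y++) {
            if (is_alnum_byte((uint8_t)y) &&
                decode_pair((uint8_t)x, (uint8_t)y) == target) {
                *a = (uint8_t)x;
                *b = (uint8_t)y;
                return 1;
            }
        }
    }
    return 0;
}

/* 1 if every possible raw byte has an alphanumeric encoding. */
static int all_bytes_encodable(void)
{
    for (int t = 0; t < 256; t++) {
        uint8_t a, b;
        if (!encode_byte((uint8_t)t, &a, &b))
            return 0;
    }
    return 1;
}

static uint8_t last_encoded[10]; /* filled by roundtrip_ok for printing */

/* Encode JMP disp into 10 alphanumeric bytes, then run the decoder
 * arithmetic over them.  Returns 1 if the payload is fully alphanumeric
 * and the rebuilt bytes equal the original instruction. */
static int roundtrip_ok(int32_t disp)
{
    uint8_t raw[5], rebuilt[5];
    jmp_rel32(disp, raw);
    for (int i = 0; i < 5; i++)
        if (!encode_byte(raw[i], &last_encoded[2 * i], &last_encoded[2 * i + 1]))
            return 0;
    for (int i = 0; i < 5; i++)
        rebuilt[i] = decode_pair(last_encoded[2 * i], last_encoded[2 * i + 1]);
    return count_non_alnum(last_encoded, 10) == 0 && memcmp(raw, rebuilt, 5) == 0;
}

int main(void)
{
    printf("JMP -600 raw: %zu of 5 bytes are non-alphanumeric\n", raw_jmp_non_alnum(-600));
    printf("direct Jcc rel8 for -600 possible? %s\n", direct_jcc_possible(-600) ? "yes" : "no");
    if (roundtrip_ok(-600))
        printf("encoded as \"%.10s\"; decoder arithmetic rebuilds E9 A8 FD FF FF\n", last_encoded);
    return 0;
}
```

The point a practitioner should take from this is the second half: once every byte value is reachable from an alphanumeric pair, the jump, or any other instruction the filter forbids, is just data for the stub, and the only remaining problems are writing the stub itself from alphanumeric opcodes and giving it an address to patch, which is exactly what the input_reg argument in the usage text above supplies.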
