Open Source and information security mailing list archives
 
Message-ID: <120120031421.5117.70c3@comcast.net>
From: amebix at comcast.net (amebix@...cast.net)
Subject: Assembly Code Question 

>Just two quick questions about DCOM exploit code (Please excuse my 
>ignorance):

>1) Why did each request have to be coded in assembly?
>and
 
I believe you are referring to the shellcodes at the beginning of the DCOM exploit,
 
"char shellcode[]"  
 
and so on. Those are the shellcodes needed to open a remote shell once the exploit has overflowed the buffer. I won't get into a long detailed reason why the ASM is necessary, but once the overflow has occurred the program's flow of execution is pointed at those assembly instructions to create your shell or set root privileges or whatever your shellcode happens to do. The reason some of them are different is because the RPC version was different for each operating system the exploit worked on. Some offsets and overflow sizes had to be adjusted.
 

>2) Was each request hand coded or are there tools that help them to 
>construct each request in assembly?

Most tools that say they can write shellcode only at best help in the process. You might want to search www.packetstormsecurity. for docs on how to write your own shellcode.
 

>Much appreciated!

 
You can learn a lot more about buffer overflows and those shellcode instructions from the web; there's plenty of papers on the subject. 'Smashing the Stack for Fun and Profit' was one of the longer and better ones.
 
Chris@...secure.net 
my email is down :[
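As an added illustration of the mechanism the reply describes (not code from the original message or from the DCOM exploit it discusses), the following C shows the textbook unbounded copy that lets over-long input run past a stack buffer into the saved return address, next to a bounds-checked version that refuses such input. Buffer size, function names and the sample strings are all assumptions for the example.

```c
#include <stdio.h>
#include <string.h>
#include <stdbool.h>
#include <stddef.h>

#define BUF_LEN 16   /* assumed stack buffer size for the example */

/* Vulnerable pattern (the kind of bug the exploit in the thread abuses):
 * strcpy copies until the NUL terminator, so any input longer than BUF_LEN
 * overwrites whatever sits above buf on the stack, including the saved
 * return address. That is how execution gets redirected into bytes the
 * attacker supplied. This function is shown for contrast and is never
 * called with over-long input here. */
void vulnerable_copy(const char *input)
{
    char buf[BUF_LEN];
    strcpy(buf, input);          /* no bounds check */
    printf("%s\n", buf);
}

/* Hardened version: measure the input against the destination size before
 * copying and refuse anything that would not fit together with its NUL.
 * Returns true when the input was copied, false when it was rejected. */
bool hardened_copy(const char *input, char *out, size_t out_len)
{
    size_t n = 0;
    /* bounded length scan: never read past out_len bytes of input */
    while (n < out_len && input[n] != '\0')
        n++;
    if (n == out_len)            /* no terminator within the space we have */
        return false;
    memcpy(out, input, n + 1);   /* n bytes plus the terminating NUL */
    return true;
}

int main(void)
{
    char out[BUF_LEN];
    /* constructed sample inputs: one that fits, one that would overflow */
    const char *short_input = "hello";
    const char *long_input  = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";

    if (hardened_copy(short_input, out, sizeof out))
        printf("copied: %s\n", out);
    if (!hardened_copy(long_input, out, sizeof out))
        printf("rejected: input longer than %d bytes\n", BUF_LEN - 1);
    return 0;
}
```

The length check is the whole fix: the hardened function decides from the destination size, not from the input, so a longer request simply cannot reach the saved return address. Modern toolchains also raise the bar on the vulnerable pattern itself, with stack canaries (`-fstack-protector`) detecting the overwrite before the function returns and non-executable stacks preventing injected instructions from running at all, which is why this style of exploit has become harder since the era of the message above.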

