Frank Derichsweiler wrote:
Luckily I found some source within a log of another machine. Comments show that there is an unsigned char shellcode[] = with some rows of "\x ...\x" numbers. I assume that there is the coding of a shell command. Unfortunately I do not know how to "read" the command. Translating the hex numbers into decimal and using an ASCII table does not give a useful result. Any idea?
yes, that's assembler! can you write a few lines of C code? then just write the content of "shellcode" into a file and use a disassembler (don't know any for Linux - but this shouldn't be too hard to find :)
Tips on how to detect which root kit was used are welcome, too.
sorry, no idea about this ...
greets Markus
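
Added example, not part of the original messages: a small C program for the step suggested above, turning the "\x.." rows of a recovered shellcode[] array into a raw file that a disassembler can read without the bytes ever being executed. The sample array, the output file name and the 32-bit x86 target in the objdump hint are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>

/* Constructed sample (not from the original log): source text as it would
   appear in the file, quotes and line breaks included. The bytes are
   nop; nop; xor eax,eax; ret on x86. */
static const char SAMPLE[] =
    "unsigned char shellcode[] =\n"
    "  \"\\x90\\x90\\x31\\xc0\"\n"
    "  \"\\xc3\";\n";

/* Decode every \xHH escape in src into out; returns the number of bytes. */
size_t decode_hex_escapes(const char *src, unsigned char *out, size_t cap)
{
    size_t n = 0;
    for (const char *p = src; *p && n < cap; p++) {
        unsigned int v;
        if (p[0] == '\\' && p[1] == 'x' &&
            isxdigit((unsigned char)p[2]) && isxdigit((unsigned char)p[3])) {
            sscanf(p + 2, "%2x", &v);
            out[n++] = (unsigned char)v;
            p += 3;   /* skip the escape; the loop's p++ steps past it */
        }
    }
    return n;
}

/* Write the raw bytes so a disassembler can read them. 0 on success. */
int write_raw(const char *path, const unsigned char *buf, size_t n)
{
    FILE *f = fopen(path, "wb");
    if (!f) return -1;
    size_t w = fwrite(buf, 1, n, f);
    return (fclose(f) == 0 && w == n) ? 0 : -1;
}

int main(void)
{
    unsigned char buf[4096];
    size_t n = decode_hex_escapes(SAMPLE, buf, sizeof buf);
    if (write_raw("shellcode.bin", buf, n) != 0) { perror("shellcode.bin"); return 1; }
    printf("%zu bytes written; disassemble without executing them, e.g.\n"
           "  objdump -D -b binary -m i386 shellcode.bin\n", n);
    return 0;
}
```

Most of the decoded bytes are machine opcodes rather than text, which is why looking them up in an ASCII table gives nothing readable.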