Mailinglist Archive: opensuse-security (195 mails)

Re: [suse-security] How to decrypt shell code of an exploit?
  • From: Gerhard Sittig <Gerhard.Sittig@xxxxxxx>
  • Date: Wed, 22 Mar 2000 21:11:05 +0100
  • Message-id: <20000322211105.M24822@xxxxxxxxxxxxx>
On Wed, Mar 22, 2000 at 14:02 +0100, Frank Derichsweiler wrote:
>
> unsigned char shellcode[] =
>
> with some rows of "\x ...\x" numbers. I assume that there is
> the coding of a shell command. Unfortunately I do not know how
> to "read" the command.

That's an array (read: data block) containing binary code (object
code in hex notation). You wouldn't want to read this as text,
just as the processor won't try to :) Have a look at the
toolbox on your computer's disk -- it has plenty of helpful stuff.

rpm -ql binutils

nm(1) and (more likely) objdump(1) should be your friends. And
some literature on the processor's (i386?) internals. Read "man
1 objdump" and look out for the "disass" keyword. Maybe you
want to consult somebody with programming skills (C and
assembly).


virtually yours 82D1 9B9C 01DC 4FB4 D7B4 61BE 3F49 4F77 72DE DA76
Gerhard Sittig true | mail -s "get gpg key" Gerhard.Sittig@xxxxxxx
--
If you don't understand or are scared by any of the above
ask your parents or an adult to help you.
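
Added example, not part of the original message: one way to turn such a "\x.." array into raw bytes and hand them to objdump for disassembly, as the reply suggests. The sample array is constructed, the function names are hypothetical, and the i386 target is an assumption taken from the reply's guess.

```python
import re
import shutil
import subprocess
import tempfile

# Constructed sample input (nop; nop; xor eax,eax; ret), not taken from any exploit.
SAMPLE_C = r'''unsigned char shellcode[] =
    "\x90\x90"
    "\x31\xc0\xc3";'''

LITERAL = re.compile(r'\s*"((?:[^"\\]|\\.)*)"', re.S)
# \xNN (two hex digits, as shellcode arrays are normally written), octal, other escape, plain char
ESCAPE = re.compile(r'\\x([0-9A-Fa-f]{1,2})|\\([0-7]{1,3})|\\(.)|([^\\])', re.S)
SIMPLE = {"n": 10, "t": 9, "r": 13, "a": 7, "b": 8, "f": 12, "v": 11}

def extract_bytes(c_source, name="shellcode"):
    """Return the raw bytes of the C string literal(s) assigned to array `name`."""
    decl = re.search(r"\b%s\s*\[[^\]]*\]\s*=" % re.escape(name), c_source)
    if decl is None:
        raise ValueError("no array named %r found" % name)
    pos, out = decl.end(), bytearray()
    # Adjacent string literals are concatenated in C, so consume them one by one.
    while (lit := LITERAL.match(c_source, pos)):
        for hx, oc, esc, ch in ESCAPE.findall(lit.group(1)):
            if hx:
                out.append(int(hx, 16))
            elif oc:
                out.append(int(oc, 8) & 0xFF)
            elif esc:
                out.append(SIMPLE.get(esc, ord(esc) & 0xFF))
            else:
                out += ch.encode("latin-1", "replace")
        pos = lit.end()
    return bytes(out)

def disassemble(raw, arch="i386"):
    """Disassemble raw bytes with objdump; returns None if objdump is not installed."""
    objdump = shutil.which("objdump")
    if objdump is None:
        return None
    with tempfile.NamedTemporaryFile(suffix=".bin") as f:
        f.write(raw)
        f.flush()
        # -b binary: headerless input; -D: disassemble everything; -m: target architecture
        cmd = [objdump, "-D", "-b", "binary", "-m", arch, f.name]
        return subprocess.run(cmd, capture_output=True, text=True, check=True).stdout

if __name__ == "__main__":
    print(disassemble(extract_bytes(SAMPLE_C)) or "objdump not found")
```

The bytes are only written to a file and read by objdump, never executed, so an unknown array can be inspected this way without running it.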
