Mailinglist Archive: opensuse-security (195 mails)

Re: [suse-security] How to decrypt shell code of an exploit?
  • From: Markus Gaugusch <markus@xxxxxxxxxxxxxxxx>
  • Date: Wed, 22 Mar 2000 20:54:21 +0100
  • Message-id: <38D924ED.A4F2FC8A@xxxxxxxxxxxxxxxx>
Frank Derichsweiler wrote:
> Luckily I found some source within a log of
> another machine. Comments show that there is an
> unsigned char shellcode[] =
> with some rows of "\x ...\x" numbers. I assume that there is the
> coding of a shell command. Unfortunately I do not know how to "read"
> the command. Translating the hex numbers into decimal and using an
> ASCII table does not give a useful result. Any idea?
Yes, that's assembler! Can you write a few lines of C code? Then just
write the content of "shellcode" into a file and use a disassembler
(don't know any for Linux - but this shouldn't be too hard to find :)
> Tips how to detect which root kit was used are welcome, too.
Sorry, no idea about this ...

greets
Markus

--
________________________________________
Markus Gaugusch markus@xxxxxxxxxxxxxxxx
ICQ-ID: 11374583 [www.mirabilis.com]
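
The step suggested in the reply above (write the content of "shellcode" into a file, then disassemble it), as an added example that is not part of the original mail. The names decode_literals, dump_to_file and shellcode.bin are hypothetical, the sample bytes are constructed, and the objdump command in the output assumes GNU binutils and a 32-bit x86 target.

```c
#include <ctype.h>
#include <stdio.h>

/* Decode the string literals of a pasted C array initializer (the text
 * between double quotes): "\xNN" becomes one byte, any other character is
 * copied as-is. Returns the byte count, or -1 if out is too small. */
static long decode_literals(const char *src, unsigned char *out, size_t cap)
{
    size_t n = 0;
    int in_str = 0;
    for (const char *p = src; *p; p++) {
        if (*p == '"') { in_str = !in_str; continue; }
        if (!in_str) continue;          /* skip code, comments, newlines */
        unsigned char b = (unsigned char)*p;
        if (p[0] == '\\' && p[1] == 'x' &&
            isxdigit((unsigned char)p[2]) && isxdigit((unsigned char)p[3])) {
            unsigned int v;
            sscanf(p + 2, "%2x", &v);
            b = (unsigned char)v;
            p += 3;                     /* the loop's p++ skips the 4th char */
        }
        if (n == cap) return -1;
        out[n++] = b;
    }
    return (long)n;
}

/* Write the decoded bytes to a file for a disassembler; nothing is executed. */
static int dump_to_file(const char *path, const unsigned char *buf, size_t len)
{
    FILE *f = fopen(path, "wb");
    if (!f) return -1;
    size_t w = fwrite(buf, 1, len, f);
    return (fclose(f) == 0 && w == len) ? 0 : -1;
}

/* Constructed sample (nop; nop; xor eax,eax; ret), not from the incident. */
static const char SAMPLE[] =
    "unsigned char shellcode[] =\n"
    "  \"\\x90\\x90\\x31\"\n"
    "  \"\\xc0\\xc3\";\n";

int main(void)
{
    unsigned char buf[4096];
    long n = decode_literals(SAMPLE, buf, sizeof buf);
    if (n < 0 || dump_to_file("shellcode.bin", buf, (size_t)n) != 0) return 1;
    printf("wrote %ld bytes; try: objdump -D -b binary -m i386 shellcode.bin\n", n);
    return 0;
}
```

Running `strings` on the same output file shows any embedded path or command text, which complements the disassembly.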
