Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
Re: FreeBSD shellcode
From: Bruno Morisson (morissongenhex.org)
Date: Tue Sep 21 2004 - 03:29:09 CDT
Check out http://packetstorm.widexs.nl/0007-exploits/7350qpop.c
* The pop pointer has to be exact, if it hits one of the forbidden
* (0x0a, 0x41-0x5b, 0x80-0x9f) you're out of luck. The return address
* modified in a window of about 50 bytes, this is enough.
It seems you're hitting the forbidden range...
Bruno Morisson <morissongenhex.org>
Joshua Davis wrote:
> Hi. I developed some simple shellcode and sent it to my FreeBSD box along
> with a custom format string to exploit Qpop 2.53. When the shellcode didn't
> work and GDB reported 'illegal instruction', I compared and contrasted. To
> my suprise, Qpop or FreeBSD had taken the bytes 0x80, 0x88, and 0x89 from my
> shellcode. Does anyone have any idea why this occurred? I assume a range of
> values is being exclused. 0x79 was fine.
- application/pgp-signature attachment: OpenPGP digital signature