[Full-Disclosure] PPC OSX Shellcode ASM
KF
dotslash at snosoft.com
Tue Sep 2 15:51:31 BST 2003
Nice paper... even though you reference Ghandi at the bottom you may
wanna give specific credit to him for your null free technique...
;; Use the magic offset constant 268 because it makes the
;; instruction encodings null-byte free.
addi r31, r31, 268+36
addi r3, r31, -268 ; r3 = path
http://www.dopesquad.net/security/shellcode/ppc/execve_binsh.s
And If I remember correctly that army.mil webserver is a m68k not ppc...
-KF
> llo there,
> Please find attached my paper
> on designing shellcodes on the PowerPc architecture.
>
> The paper outlines PowerPC architecture fundementals,
> and methods of deriving working shellcodes for the
> exploitation of vulnerabilities discovered on the OSX
> and Darwin Operating Systems.
>
> Very sorry if this considered OFF TOPIC please excuse.
>
> Kind Regards
>
> B-r00t.
>
>
Full-Disclosure is hosted and sponsored by Secunia.