Didier Stevens

Monday 22 February 2010

Ping Shellcode

Filed under: My Software,Shellcode — Didier Stevens @ 10:26

I’ve added 2 new assembly source files for shellcode to execute a ping.

The first one does a simple ping; the second one does a ping with the computername and username in the ICMP packet data.
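For defenders, an added example (not code from this post or from the shellcode sources it announces) that covers the second variant: it pulls the data field out of ICMP echo requests and flags anything that is not the a-to-w fill pattern sent by Windows ping.exe. The choice of baseline, the function names and the sample packets are assumptions constructed for illustration.

```python
import struct

A_TO_W = b"abcdefghijklmnopqrstuvw"  # Windows ping.exe fills echo data with this cycle

def build_echo_request(data: bytes) -> bytes:
    """Constructed sample input: IPv4 + ICMP echo request (checksums left at 0)."""
    icmp = struct.pack("!BBHHH", 8, 0, 0, 1, 1) + data
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 128, 1, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    return ip + icmp

def echo_data(packet: bytes):
    """Return the data field of an ICMP echo request, or None for anything else."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None                      # not IPv4
    ihl = (packet[0] & 0x0F) * 4         # IP header length in bytes
    if ihl < 20 or packet[9] != 1 or len(packet) < ihl + 8:
        return None                      # not ICMP, or truncated
    if packet[ihl] != 8:
        return None                      # ICMP type 8 = echo request
    total_len = struct.unpack("!H", packet[2:4])[0]
    end = total_len if ihl + 8 <= total_len <= len(packet) else len(packet)
    return packet[ihl + 8:end]

def classify(packet: bytes):
    """Return (verdict, detail); detail is the payload when it deviates from baseline."""
    data = echo_data(packet)
    if data is None:
        return ("not-echo", None)
    if all(b == A_TO_W[i % len(A_TO_W)] for i, b in enumerate(data)):
        return ("default", None)
    printable = all(32 <= b < 127 for b in data)
    return ("anomalous", data.decode("ascii") if printable else data.hex())

if __name__ == "__main__":
    # Constructed samples: a stock Windows ping and one carrying host/user text.
    for sample in (b"abcdefghijklmnopqrstuvwabcdefghi", b"HOST-EXAMPLE example-user"):
        print(classify(build_echo_request(sample)))
```

Other operating systems' ping tools use different fill data, so the baseline has to match the hosts being monitored.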

6 Comments »

  1. Have you looked into Immunity’s MOSDEF? It takes a little time to get used to, but I’m a C programmer at heart so it’s quicker for me than always writing assembly. Usually when I want custom shellcode I write a little (special) C and use MOSDEF.

    Comment by Matthew Wollenweber — Monday 22 February 2010 @ 16:04

  2. @Matthew No, haven’t looked at MOSDEF, but thanks for the reference. I too have a method to write shellcode in C with some special constructs, I used it for my MemoryLoadr shellcode.

    Comment by Didier Stevens — Saturday 27 February 2010 @ 10:53

  4. [...] Neither is preventing data egress easy. OK, you can decide to block Pastebin.com. But can you block all sites that can be posted to? Like Wikipedia? And if you can, do you block ICMP packets? [...]

    Pingback by PDF Info Stealer PoC « Didier Stevens — Monday 8 March 2010 @ 0:01

