I’ve added 2 new assembly source files for shellcode to execute a ping.
First one does a simple ping, second one does a ping with the computername and username in the ICMP packet data.
I’ve added 2 new assembly source files for shellcode to execute a ping.
First one does a simple ping, second one does a ping with the computername and username in the ICMP packet data.
RSS feed for comments on this post. TrackBack URI
This site uses Akismet to reduce spam. Learn how your comment data is processed.
Have you looked into Immunity’s MOSDEF? It takes a little time to get use to, but I’m a C programmer at heart so it’s quicker for me than always writing assembly. Usually when I want custom shellcode I write a little (special) C and use MOSDEF.
Comment by Matthew Wollenweber — Monday 22 February 2010 @ 16:04
[…] https://blog.didierstevens.com/2010/02/22/ping-shellcode/ […]
Pingback by Exploit writing tutorial part 9 : Introduction to Win32 shellcoding | Peter Van Eeckhoutte's Blog — Thursday 25 February 2010 @ 16:23
@Matthew No, haven’t looked at MOSDEF, but thanks for the reference. I too have a method to write shellcode in C with some special constructs, I used it for my MemoryLoadr shellcode.
Comment by Didier Stevens — Saturday 27 February 2010 @ 10:53
[…] Ping Shellcode – didierstevens.com I’ve added 2 new assembly source files for shellcode to execute a ping. […]
Pingback by Week 8 in Review – 2010 | Infosec Events — Monday 1 March 2010 @ 12:17
[…] Neither is preventing data egress easy. OK, you can decide to block Pastebin.com. But can you block all sites that can be posted to? Like Wikipedia? And if you can, do you block ICMP packets? […]
Pingback by PDF Info Stealer PoC « Didier Stevens — Monday 8 March 2010 @ 0:01
[…] https://blog.didierstevens.com/2010/02/22/ping-shellcode/ […]
Pingback by [0x0027]Exploit writing tutorial part 9 : Introduction to Win32 shellcoding « Eohnik.c — Sunday 5 September 2010 @ 12:29