Version-independent IOS shellcode, Andy Davis 2008
No hard-coded IOS addresses required
The technique uses 4-byte signatures near references to the required addresses within the IOS "text" memory region. The addresses are then recovered from memory and used within the shellcode.
This is beta 1 - this code can be highly optimised, I'm sure; for example, the search routine could be reused and the number of registers cleared could be reduced - but it works :-)
As this is the first iteration of this shellcode, I'm not making any claims as to exactly how portable it is - it has been tested on a number of IOS images and therefore the concept has been demonstrated.
Various simple techniques have been used to ensure that there are no nulls in the shellcode.
http://www.milw0rm.com/shellcode/6283