Government Security
Network Security Resources

How Can I Know If The Shellcode Can Fit Or Not?

shell tutorial
7 replies to this topic

#1 Barakat

Barakat

    Private

  • Members
  • 5 posts

Posted 14 January 2011 - 02:49 PM

Hi guys,

I once heard in a tutorial about the problem that can happen
when a shellcode is too big to fit in the stack. So how can I calculate
the space and decide if the shellcode can fit or not?
/* I know how to find the shellcode size, but I don't know if it can fit or not */



#2 webdevil

webdevil

    Retired GSO General

  • Sergeant Major
  • 1,195 posts

Posted 15 January 2011 - 11:27 AM

That would differ per vulnerability.
Shellcodes are meant to be small so that you don't corrupt unnecessary memory locations, thereby terminating the program.

#3 Barakat

Barakat

    Private

  • Members
  • 5 posts

Posted 16 January 2011 - 07:44 AM

Thank you webdevil for the reply : )

As I understand it, we can't know the maximum shellcode size that we can use in a simple way. Is that what you mean?


#4 webdevil

webdevil

    Retired GSO General

  • Sergeant Major
  • 1,195 posts

Posted 18 January 2011 - 02:01 AM

The simplest way to check whether your shellcode can be accommodated is to try it out :P
On a serious note, you could put in a series of data and keep repeating the process by increasing the data size
and check the memory location to figure out the max size supported.



#5 Barakat

Barakat

    Private

  • Members
  • 5 posts

Posted 18 January 2011 - 05:58 AM

Great idea ! Thank you for it : )


#6 DidierStevens

DidierStevens

    Specialist

  • Sergeant Major
  • 100 posts

Posted 20 January 2011 - 01:04 PM

A common workaround for lack of space is to use egg-hunt shellcode (which is very small) with your larger shellcode you've planted in memory beforehand (by some other means) or downloader shellcode which downloads your larger shellcode from a server.

#7 hanintalal

hanintalal

    Private

  • Members
  • 1 posts

Posted 06 July 2012 - 05:55 AM

Hi,
if I have this program:

    #include <stdio.h>

    void toUpperCase(char *s);  /* defined elsewhere, not shown in the post */

    void superFunction(char* user){
        char buffer[256];
        char tmpBuffer[512];
        char inBuffer[128];

        toUpperCase(tmpBuffer);

        sprintf (buffer, "Result is: %100s", user);
        sprintf (inBuffer, buffer);
    }

then the maximum size of shellcode is:
128+512+265???
and when the uncertainty of program location is 32 then it is
128+512+265-32??
or do I have to be careful about something else??
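
An added example, not part of the original thread: the two sprintf calls from the snippet in post #7, measured and then bounded, showing that the number of bytes written follows from the format string and the input length rather than from the sum of the local array sizes. The helper names (unbounded_len, fits, super_function_safe) and the sample inputs are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Length (without the NUL) that sprintf(buffer, "Result is: %100s", user)
 * would produce. snprintf(NULL, 0, ...) only measures; it writes nothing.
 * "%100s" is a MINIMUM field width, so long input is not cut at 100. */
int unbounded_len(const char *user) {
    return snprintf(NULL, 0, "Result is: %100s", user);
}

/* 1 if that output plus its terminating NUL fits in cap bytes, else 0. */
int fits(const char *user, size_t cap) {
    int n = unbounded_len(user);
    return n >= 0 && (size_t)n + 1 <= cap;
}

/* Hardened variant: 0 on success, -1 if the result would not fit in out. */
int super_function_safe(const char *user, char *out, size_t outsz) {
    char buffer[256];
    /* "%100.100s": width 100 pads, precision 100 caps the copy at 100. */
    int n = snprintf(buffer, sizeof buffer, "Result is: %100.100s", user);
    if (n < 0 || (size_t)n >= sizeof buffer)
        return -1;
    /* Fixed "%s" format: user data is never interpreted as a format. */
    n = snprintf(out, outsz, "%s", buffer);
    if (n < 0 || (size_t)n >= outsz)
        return -1;
    return 0;
}

int main(void) {
    char big[301], out[128];          /* constructed sample input */
    memset(big, 'A', 300);
    big[300] = '\0';
    printf("short input : %d bytes\n", unbounded_len("abc"));
    printf("300-byte in : %d bytes, fits 256? %d\n",
           unbounded_len(big), fits(big, 256));
    printf("hardened rc : %d, out length %zu\n",
           super_function_safe(big, out, sizeof out), strlen(out));
    return 0;
}
```

Compiling the original function with `-Wformat-security` also flags the call that passes `buffer` as the format argument.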


#8 Patrickmoore

Patrickmoore

    Private

  • Members
  • 1 posts

Posted 11 March 2013 - 01:52 AM

webdevil's opinion is completely right; you can check the shellcode by typing repeatedly.

Thank You






