7 replies to this topic

[Barakat]

Hi guys,

Once I've heard in some tutorial about the problem that can happen
when a shellcode is too big to fit in the stack. So how can I calculate
the space and decide if the shellcode can fit or not?
/* I know how to find the shellcode size, but I don't know if it can fit or not */

[webdevil]

that would differ per vulnerability.
shellcodes are meant to be small so that you don't corrupt unnecessary memory locations, thereby terminating the program.

[Barakat]

Thank you webdevil for replay : )

As I understand, we can't know the maximum shellcode size that we can use by using a simple way .. Is this that you want to make ?

[webdevil]

The simplest way to check whether your shellcode can be accommodated is to try it out
On a serious note, you could put in a series of data and keep repeating the process by increasing the data size
and check the memory location to figure out the max size supported.

[Barakat]

Great idea ! Thank you for it : )

[DidierStevens]

A common workaround for lack of space is to use egg-hunt shellcode (which is very small) with your larger shellcode you've planted in memory beforehand (by some other means) or downloader shellcode which downloads your larger shellcode from a server.

[hanintalal]

Hi ,
if I have this Program :

• 
  void superFunction(char* user){
• 
  2 char buffer[256];
• 
  3 char tmpBuffer[512];
• 
  4 char inBuffer[128];

5
6 toUpperCase(tmpBuffer);
7

• 
  8 sprintf (buffer, "Result is: %100s", user);
• 
  9 sprintf (inBuffer, buffer);
• 
  10 }

• 
  then the maximum size of shell code is :
• 
  128+512+265???
• 
  und when the uncertainty of program location is 32 then
• 
  it is
• 
  128+512+265-32??
• 
  or i have to be car full for some thing else ??

[Patrickmoore]

webdevil's opinion completely right you can check the shellcode with typing repeatedly.

Thank You