Author Topic: Writing Anti-IDS Shellcode  (Read 1402 times)


0x90

  • Guest
Writing Anti-IDS Shellcode
« on: February 07, 2012, 03:07:32 pm »
A great guide to shellcoding that avoids 0x90 (NOP) detection by IDSes by using 0xeb 0x00 (JMP) instructions instead.

http://www.ouah.org/stealthcode.txt
« Last Edit: February 07, 2012, 03:08:51 pm by 0x90 »

xor

  • Guest
Re: Writing Anti-IDS Shellcode
« Reply #1 on: February 08, 2012, 05:56:33 am »
Isn't this generally a bad idea with shellcode? I thought the whole idea was to avoid null bytes. You'd have to write an encoder/decoder into the shellcode if you were going to use this method, which obviously will increase the payload as well - not great for smaller buffers.


[EDIT]

Just read the article, you made a typo:

Quote
   Replace this : 0x90
   With this : 0xeb0x02

No null (0x00) byte there.
« Last Edit: February 08, 2012, 05:59:32 am by xor »