11-27-2011, 03:20 AM   #122
geekmaster
Carpe diem, c'est la vie.
Posts: 6,433
Karma: 10773668
Join Date: Nov 2011
Location: Multiverse 6627A
Device: K1 to PW3
The shellcode does not have to be in the stack. It could be at any known location, called from the stack smash.

I sent links in the IRC channel that show how to embed shellcode inside a web page image so that it is not visible to the casual observer. The example images show a comparison with and without embedded shellcode. In one shellcode image, the guy has a "dirty arm". The monkey images with embedded NOP Sled are impressive. Here is the link:
http://www.blackhat.com/presentation...-06-Sutton.pdf

*If* you can get a webpage to store its images into a known location (e.g. onscreen framebuffer RAM for a visible web page), you could jump to shellcode inside the image. I have Wikipedia moderator rights and I can upload image(s) to Wikipedia without *other* moderator approval [but I have yet to try this]...

ASLR exploits:
http://www.ece.cmu.edu/~dbrumley/cou.../docs/aslr.pdf

Last edited by geekmaster; 11-27-2011 at 03:47 AM.
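As an added example from the defender's side (not code from geekmaster's post or from the linked slides): a triage check that scans a file's bytes for NOP-sled-like runs, the pattern the monkey images in the presentation rely on. The function names, the threshold, and the sample byte strings are constructed for this example; `SAMPLE_SLED` is a fake PNG header followed by filler with a 64-byte run of 0x90 in the middle.

```python
"""Heuristic scan of an image (or any blob) for NOP-sled-like byte runs."""

# Single-byte values treated as sled filler; 0x90 (x86 NOP) is the classic one.
# Extend the set for other architectures or filler instructions (assumption).
DEFAULT_SLED_BYTES = frozenset({0x90})


def find_byte_runs(data: bytes, sled_bytes=DEFAULT_SLED_BYTES, min_len: int = 32):
    """Return (offset, length, byte) for each run of a sled byte at least min_len long."""
    runs = []
    i, n = 0, len(data)
    while i < n:
        b = data[i]
        if b in sled_bytes:
            j = i
            while j < n and data[j] == b:
                j += 1
            if j - i >= min_len:
                runs.append((i, j - i, b))
            i = j
        else:
            i += 1
    return runs


def scan_image(data: bytes, min_len: int = 32):
    """Flag the blob if it contains a sled-like run; report all runs and the longest."""
    runs = find_byte_runs(data, min_len=min_len)
    longest = max(runs, key=lambda r: r[1], default=None)
    return {"suspicious": bool(runs), "runs": runs, "longest": longest}


# Constructed samples: a PNG signature followed by pseudo pixel data. The
# "clean" one has no long runs; the "sled" one embeds 64 bytes of 0x90.
PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
SAMPLE_CLEAN = PNG_MAGIC + bytes(range(256)) * 4
SAMPLE_SLED = PNG_MAGIC + bytes(range(256)) * 2 + b"\x90" * 64 + bytes(range(256)) * 2

if __name__ == "__main__":
    for name, blob in (("clean", SAMPLE_CLEAN), ("sled", SAMPLE_SLED)):
        print(name, scan_image(blob))
```

Two caveats for anyone using this as a detection: real image formats legitimately contain long runs of identical bytes (padding, flat colour areas), so treat a hit as a reason to look closer rather than a verdict, and for compressed formats such as PNG the check is only meaningful on the decoded pixel data, since a sled in the compressed stream would not survive decompression into the framebuffer the post talks about.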