Bugtraq mailing list archives
Re: Can't Preventing exploitation with rebasing
From: <bugtraq () gaza halo nu>
Date: Wed, 5 Feb 2003 04:06:45 -0600 (CST)
All difficulties posed by such a "rebasing" technique can be conquered. The only difficulty it presents is getting back to your shellcode. This can be overcome easily unless you're remapping kernel memory as well. The kernel holds secrets to finding LoadLibrary and GetProcAddress, and a jmp esp, which is all you need to make your shellcode dance.

DIGRESSION: Dave Litchfield says you can call esp. I don't know Dave's relationship with his registers, but this doesn't work if I want to get my eip on top of my shellcode. It always starts executing a memory address for me. Maybe if I took esp out to dinner more often, then I could call it instead of having to jump on top of it. Dave, any suggestions for the wine list? END DIGRESSION.

There's no silver bullet for security. Security is always in a fluid state, and will always be so.

-Jove
Brian Hatch <bugtraq () ifokr org> wrote:

> People keep saying "but it won't stop everything", and that's true.
>
> This takes the security versus obscurity argument from the realm of personal opinion to one of quantitative statements. We should have a similar goal for this discussion.
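The point Jove makes above, that rebasing only costs the attacker a hard-coded return address and that a trampoline such as jmp esp can be located at run time instead, can be illustrated with a small simulation. The following is an added example, not code from the original post or from anyone in the thread. It uses a constructed 48-byte stand-in for a loaded module image (not a real DLL), the real x86 encodings FF E4 (jmp esp) and FF D4 (call esp), and two made-up load addresses (0x77E80000 as the "expected" base, 0x77F10000 as the rebased one) to show that a hard-coded address stops pointing at the gadget after rebasing, while scanning the mapped image for the opcode bytes still finds it.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* x86 encodings of the two trampolines discussed in the thread. */
static const uint8_t JMP_ESP[]  = { 0xFF, 0xE4 };   /* jmp esp  */
static const uint8_t CALL_ESP[] = { 0xFF, 0xD4 };   /* call esp */

/* Constructed stand-in for a mapped module image (NOT a real DLL):
 * NOP filler with one "jmp esp" at RVA 0x10 and one "call esp" at RVA 0x20. */
static const uint8_t FAKE_IMAGE[] = {
    0x90,0x90,0x90,0x90, 0x90,0x90,0x90,0x90, 0x90,0x90,0x90,0x90, 0x90,0x90,0x90,0x90,
    0xFF,0xE4,0x90,0x90, 0x90,0x90,0x90,0x90, 0x90,0x90,0x90,0x90, 0x90,0x90,0x90,0x90,
    0xFF,0xD4,0x90,0x90, 0x90,0x90,0x90,0x90, 0x90,0x90,0x90,0x90, 0x90,0x90,0x90,0x90,
};

/* Made-up load addresses used only for the demonstration. */
#define EXPECTED_BASE 0x77E80000u
#define REBASED_BASE  0x77F10000u

/* Scan a mapped image for an opcode pattern; return its RVA or -1 if absent.
 * This is the "find the gadget at run time" step that survives rebasing. */
long find_gadget(const uint8_t *img, size_t len,
                 const uint8_t *pat, size_t plen)
{
    if (plen == 0 || len < plen)
        return -1;
    for (size_t i = 0; i + plen <= len; i++)
        if (memcmp(img + i, pat, plen) == 0)
            return (long)i;
    return -1;
}

/* Turn an RVA into an absolute address for a module loaded at `base`. */
uint32_t rva_to_va(uint32_t base, long rva)
{
    return base + (uint32_t)rva;
}

/* Does absolute address `va` still point at `pat` when the image is
 * loaded at `base`? This is what a hard-coded return address relies on. */
int va_is_gadget(const uint8_t *img, size_t len, uint32_t base, uint32_t va,
                 const uint8_t *pat, size_t plen)
{
    uint32_t off = va - base;           /* wraps to a huge value if va < base */
    if (off >= len || len - off < plen)
        return 0;
    return memcmp(img + off, pat, plen) == 0;
}

int main(void)
{
    size_t n = sizeof FAKE_IMAGE;
    long rva = find_gadget(FAKE_IMAGE, n, JMP_ESP, sizeof JMP_ESP);
    uint32_t hardcoded = rva_to_va(EXPECTED_BASE, rva);

    printf("jmp esp RVA: 0x%lx\n", rva);
    printf("hard-coded 0x%08x valid at expected base: %d\n", hardcoded,
           va_is_gadget(FAKE_IMAGE, n, EXPECTED_BASE, hardcoded, JMP_ESP, 2));
    printf("hard-coded 0x%08x valid after rebasing:   %d\n", hardcoded,
           va_is_gadget(FAKE_IMAGE, n, REBASED_BASE, hardcoded, JMP_ESP, 2));
    printf("run-time lookup after rebasing:          0x%08x\n",
           rva_to_va(REBASED_BASE, find_gadget(FAKE_IMAGE, n, JMP_ESP, 2)));
    return 0;
}
```

The scan is the whole trick: an exploit that carries a fixed return address is tied to one load address, but one that locates the opcode bytes in whatever is mapped (or, as Jove notes, derives module bases from structures the loader maintains) is indifferent to where the module ended up. Rebasing therefore raises the cost of a given exploit without removing the gadget itself.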