Dailydave mailing list archives
Re: XP SP2 - "Exploit writers need to stop being such a pussy"
From: "Halvar Flake" <HalVar () gmx de>
Date: Wed, 11 Aug 2004 19:57:23 +0200 (MEST)
XP Pro comes with the full IIS (5.1) suite; web server, mail server, ftp server, etc. I was testing out some older ISAPI overflows on IIS 5.1 w/XP SP2, the only significant difference in exploiting them is that all regs (cept ebp, esp) are cleared when the exception handler kicks. It took all of 30 seconds or so to get the code working. Simply changing the returns from jmp/call reg to pop/pop/[...]/ret [1] fixed it right up. SP2 doesn't do much at all for third-party applications.
The stack canary looks static at first glance, too (altho I haven't installed the files). Anyone played with the memory protection stuff yet?

Cheers,
Halvar