Dailydave mailing list archives
Exploitation of EIP with only ASCII
From: "CIRT.DK Mailinglists" <mailinglists () cirt dk>
Date: Sun, 19 Mar 2006 22:08:56 +0100
Hey there,

I have a question: do any of you have ideas on how to exploit a buffer overflow where the EIP is controlled, but the only valid characters for the part where the EIP is located on the stack are A-Z uppercase and nothing else?

In the same bug the SEH is also controlled, but also the only valid characters are uppercase A-Z (x41-x5A). I've tried to see if I could find a valid JMP, JE, JNE CALL EBX, but so far no luck.

Any ideas?

Regards,
Dennis Rand
CIRT.DK