PaulDotCom mailing list archives
Re: Exploit Development Help
From: Kevin Shaw <kevin.lee.shaw () gmail com>
Date: Tue, 11 Jan 2011 10:52:05 -0500
Craig: I'm no expert but I've been working at some of these. I can't find the corelan(?) tutorials at the moment but they help learning the memory space and how to get around in it. You may need something other than EIP...

On Jan 11, 2011 8:21 AM, "Craig Freyman" <craigfreyman () gmail com> wrote:
I've discovered a software bug and I've been trying to figure out if it is exploitable. I was wondering if anyone on the list has exploit development experience and would be willing to give me a hand. It's not on any well known software so it might be boring to most, but it's very exciting to me!

So, I imagine that help would come from a generous soul willing to lend a hand :) My bug crashes an application consistently and overwrites the return address but then does strange things. I've been told by jduck at Metasploit that this might be exploitable but after reading everything I've found, I'm not sure what I'm missing. I am comfortable with basic buffer overflows but this one does not appear to be basic. I am certain it is not an SEH overflow but can show that EIP is overwritten and I also know the offset. Let me know if anyone is willing to give me some advice. I'll show you my exploit code and give you the software make/version as well.

Thanks,
Craig