Vulnerability Development mailing list archives

Re: ms03-049 exploit xp sp0


From: "upb" <upb () email ee>
Date: Thu, 13 Nov 2003 03:25:25 +0200

Umm, this is what you get when you're tired :P

----- Original Message ----- 
From: "upb" <upb () email ee>

00000000: EB14                         jmps        000000016
00000002: 832C2440                     sub         d,[esp],040 ;"@"
00000006: E8F5FFFFFF                   call        000000000
That code was supposed to be:
00000000: EB05                         jmps        000000007
00000002: 832C2440                     sub         d,[esp],040 ;"@"
00000006: C3                           retn
00000007: E8F6FFFFFF                   call        000000002

And of course the shortest way to jump back is by using the "jmp" instruction :)
00000004: E9F7FFFFFF                   jmp         000000000
or
00000004: EBFA                         jmps        000000000

upb
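The arithmetic behind those listings, as an added example that is not part of the original post: the two stubs are copied from the message verbatim as constructed test input, and every function name below (decode_branch, encode_jump, check_listing) is my own. The decoder handles the three relative-branch encodings that appear in the thread (EB rel8, E9 rel32, E8 rel32), computes each target from the signed displacement measured from the end of the instruction, and checks it against the target printed in the listing, which is how one sees that the first stub's EB14 lands at 0x16, past the end of the stub, while EB05 lands on the call at 7.

```python
"""Decode the relative branches used in the stubs above and check each
listed target.  Added example, not code from the original post; the
listing text is copied from the message, the helper names are my own."""

import re
from dataclasses import dataclass

# x86 relative branches seen in the thread: opcode -> (mnemonic, displacement size)
REL_BRANCHES = {0xEB: ("jmps", 1), 0xE9: ("jmp", 4), 0xE8: ("call", 4)}


@dataclass
class Branch:
    address: int
    mnemonic: str
    length: int
    target: int


def decode_branch(code: bytes, address: int) -> Branch:
    """Decode one relative jmp/call located at `address`.

    The displacement is signed and relative to the END of the instruction,
    which is why a 2-byte jmps at 4 with displacement -6 (0xFA) lands at 0."""
    opcode = code[0]
    if opcode not in REL_BRANCHES:
        raise ValueError(f"not a relative branch: {opcode:#04x}")
    mnemonic, size = REL_BRANCHES[opcode]
    disp = int.from_bytes(code[1:1 + size], "little", signed=True)
    length = 1 + size
    target = (address + length + disp) & 0xFFFFFFFF
    return Branch(address, mnemonic, length, target)


def encode_jump(src: int, dst: int) -> bytes:
    """Shortest relative jmp from `src` to `dst`: EB rel8 when the
    displacement fits in a signed byte, otherwise E9 rel32."""
    disp8 = dst - (src + 2)
    if -128 <= disp8 <= 127:
        return bytes([0xEB]) + disp8.to_bytes(1, "little", signed=True)
    disp32 = dst - (src + 5)
    return bytes([0xE9]) + disp32.to_bytes(4, "little", signed=True)


# address: hexbytes mnemonic operands   (the post's listing format)
LISTING_RE = re.compile(r"^\s*([0-9A-Fa-f]+):\s+([0-9A-Fa-f]+)\s+(\w+)\s*(.*)$")


def check_listing(text: str) -> list[tuple[int, str, int, int, bool]]:
    """Parse listing lines and, for every relative branch, compare the
    decoded target with the one printed in the listing.
    Returns (address, mnemonic, decoded_target, listed_target, matches)."""
    results = []
    for line in text.splitlines():
        m = LISTING_RE.match(line)
        if not m:
            continue
        address = int(m.group(1), 16)
        code = bytes.fromhex(m.group(2))
        if code[0] not in REL_BRANCHES:
            continue  # sub / retn lines are not branches
        br = decode_branch(code, address)
        listed = int(m.group(4).strip(), 16)
        results.append((address, br.mnemonic, br.target, listed, br.target == listed))
    return results


# The two stubs from the message, verbatim (constructed test input for this example)
WRONG_STUB = """\
00000000: EB14                         jmps        000000016
00000002: 832C2440                     sub         d,[esp],040 ;"@"
00000006: E8F5FFFFFF                   call        000000000
"""

FIXED_STUB = """\
00000000: EB05                         jmps        000000007
00000002: 832C2440                     sub         d,[esp],040 ;"@"
00000006: C3                           retn
00000007: E8F6FFFFFF                   call        000000002
"""


if __name__ == "__main__":
    for name, text in (("wrong", WRONG_STUB), ("fixed", FIXED_STUB)):
        for addr, mnem, dec, listed, ok in check_listing(text):
            status = "ok" if ok else "MISMATCH"
            print(f"{name}: {addr:02x} {mnem:5} -> {dec:02x} (listed {listed:02x}) {status}")
    # the two "jump back to 0 from 4" encodings from the end of the message
    print(encode_jump(4, 0).hex(), decode_branch(bytes.fromhex("E9F7FFFFFF"), 4).target)
```

Both listings are internally consistent (every printed target matches its displacement); the defect in the first one is only visible once you notice that 0x16 is beyond the 11 bytes shown, so the jmps never reaches the call. encode_jump picks the rel8 form whenever the displacement fits, which reproduces the EBFA the message ends with.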


