Vulnerability Development mailing list archives
Re: Exploiting network services question
From: Vade 79 <v9 () fakehalo deadpig org>
Date: 13 Dec 2004 21:12:54 -0000
In-Reply-To: <5495.1102965153 () www20 gmx net>
> Hi everyone, I have a question regarding the exploitation of network services. If I send the following string to a service ["A"x78]["abcd"][junk - up to 430 bytes] I can control eip with "abcd". How can I exploit this? Is there a good tutorial that I should read? Unfortunately I did not find anything useful with Google...
Well, I take it your problem is the limitation of 78 bytes to place the shellcode. If so, oftentimes you can place the shellcode (with NOPs) after the point of the overflow, i.e. 82nd byte onward in your case. However, it is also possible, depending on your situation, for that memory to get mangled along the way; if that is the case, try placing your shellcode somewhere else in memory (before you cause the overflow)... If all else fails, 78 bytes of shellcode room is a moderately decent amount of instructions to work with, doesn't leave much guessing room though :/ If I misunderstood the situation, please reply with more direct information.