Vulnerability Development mailing list archives

Re: problem to exploit a stack overflow


From: <6d79676d61696c6163636f756e74 () gmail com>
Date: 25 May 2005 16:25:25 -0000

In-Reply-To: <433ee3d9050524070923ba6ab5 () mail gmail com>

So the access violation happened (this time) in the beginning of the shellcode!!!? Is that a security feature in XP SP2? Or something else? Can someone help me to understand this?
Thank you


You have overwritten ebp with nops... then you are trying to mov the value 63h to ebp-4 and you get an access violation.

Basically what you are trying to do with your shellcode is call the winexec routine on "cmd" - and for that you are trying to push "cmd" onto the stack, then push a null, then call winexec.

Unfortunately for you, ebp is not pointing to the stack - you have corrupted it with nops, but since you got control of the cpu - you can move whatever value to whatever (accessible) location and fix things...
Also, you can reset all the registers to whatever values you want.

Good luck
