RE: AlphaNumeric Exploitation Help

["Stejerean, Cosmin" <cstejere () cs depaul edu>]

Here are some ideas that I have read about but never tested, although they
might be worth exploring.

If you know the offset of your jmp instruction you might be able to get away
with adding or subtracting from it to get the value you need.

You can also try an ASCII shellcode encoder such as the one at
http://www.nologin.net/main.pl?action=codeView&codeId=40&;


Let me know if any of the above work for you.



Cosmin

 

-----Original Message-----
From: ramatkal () hotmail com [mailto:ramatkal () hotmail com] 
Sent: Thursday, May 26, 2005 6:38 AM
To: vuln-dev () securityfocus com
Subject: AlphaNumeric Exploitation Help



I am trying to exploit a vulnerable server which only allows
alphanumeric characters....

I have successfully taken control of EIP and now need to do a JUMP -600
bytes.....

The problem is, that 'eb' and 'e9' are not alphanumeric asci codes and 
thus cannot be used to do the jumps in the payload....

Anyone got any ideas/tricks/advice on how i can accomplish a JMP -600 bytes,
or any type of jump for that matter, only using alphanumeric chars?

Thanks,
RaMatkal

Attachment: smime.p7s
Description: