Vulnerability Development mailing list archives
3COM TFTPD Overflow: SEH Overwrite
From: jeremy.junginger () gmail com
Date: 25 Jan 2008 14:58:43 -0000
I'm attempting to exploit an already known bug in 3COM TFTPD server, and execute "calc.exe" with my shellcode. I have control of ECX/EIP, and can overwrite both SEH and pointer to next SEH successfully, and have used: Pointer to next SEH: \xeb\x10\x90\x90 SEH: \x69\x12\xab\x71 (POP/POP/RET in ws2_32.dll) A full writeup with screenshots is available at: http://filebin.ca/pmuwqm/SEHOverwrite.rtf I'm getting "Debugged program was unable to process exception", so I hit shift+f9 (in olly) and it terminates with some strange exit code. Could you take a peek and see what I'm missing here? Thanks guys! -jj
Current thread:
- 3COM TFTPD Overflow: SEH Overwrite jeremy . junginger (Jan 25)