Re: Dailydave Digest, Vol 13, Issue 12

["Mefire Omar" <massa () iut-dhaka edu>]

Hi

Please , i would like to know what exactly to read and what to study to be
able to develop exploits and know what most of the guys writing to this mail
list know ...
can you please give me some answers and if possible , also give me
references to certain books .

Thanks



--------- Original Message --------
From: dailydave () lists immunitysec com
To: dailydave () lists immunitysec com <dailydave () lists immunitysec com>
Subject: Dailydave Digest, Vol 13, Issue 12
Date: Thu 08/24/06 11:01 PM

> Send Dailydave mailing list submissions to
>       dailydave () lists immunitysec com
>
> To subscribe or unsubscribe via the World Wide Web, visit
>       http://lists.immunitysec.com/mailman/listinfo/dailydave
> or, via email, send a message with subject or body 'help' to
>       dailydave-request () lists immunitysec com
>
> You can reach the person managing the list at
>       dailydave-owner () lists immunitysec com
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Dailydave digest..."
>
>
> Today's Topics:
>
>    1. odd exploitation question (Jeremy Kelley)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Thu, 24 Aug 2006 10:10:59 -0500
> From: Jeremy Kelley
> Subject: [Dailydave] odd exploitation question
> To: dailydave () lists immunitysec com
> Message-ID:
> Content-Type: text/plain; charset=us-ascii
>
> I'm a little stumped writing an exploit for an ActiveX object and so I
> figured I'd pester this list for a bit of help.
>
> My exploit works flawlessy when attached to the process in the
> debugger.  Doesn't exec calc.exe when run w/o a debugger.
>
> I'm overwriting an SEH func pointer, doing the pop/pop/ret back into
> my shellcode, and everything runs fine.  The payload is a simple
> _execv call that pops up calc.exe.  Platform at this point is
> Win2k/IE6.
>
> Questions:
>
> 1) The heap is different when run under a debugger (thx HD for the
> tip), but, I'm attaching the process with Olly _after_ it's already
> running.  Windows doesn't do some whacked-out mojo and start using the
> debug-heap on any heap allocations following, right?  I can't fathom
> how that would work.
>
> 2) What could cause the shellcode to execute flawlessly under a
> debugger but not other times.  It's an exec - so I can't imagine the
> process is dying before it's kickstarted calc.exe.. exec doesn't work
> that way.
>
> Any help is greatly appreciated.  If I've left out necessary details,
> I'll be glad to share.
>
> thanks for reading this far,
> jeremy
>
> --
> Jeremy Kelley         Threat Assessment Analyst
> gpg  1024D/E0DF8B2D  4BC3 B8B5 5B42 CC8E B6A9 2E85 32D3 C51C E0DF 8B2D
> That's the problem with science.  You've got a bunch of empiricists
> trying to describe things of unimaginable wonder.      -Bill Watterson
>
>
> ------------------------------
>
> _______________________________________________
> Dailydave mailing list
> Dailydave () lists immunitysec com
> http://lists.immunitysec.com/mailman/listinfo/dailydave
>
>
> End of Dailydave Digest, Vol 13, Issue 12
> *****************************************

__________________________________________
Message sent through the Mailserver of IUT

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave