iis50_printer_overflow

[zodiac at attrition.org (zodiac)]

Sonixxfx,

In terms of exploit writing in general, I've come across two books that 
are really top notch.

The Shellcoder's Handbook: Discovering and Exploiting Security Holes by 
Jack Koziol, et. al. -- Very in depth and well written.

Hacking: The Art of Exploitation by Jon Erickson -- I'd recomend tackling 
this first, the examples are first rate.

Neither of these are free, and they're probably not in a library but it's 
a good investiment.

Cheers!
-MrZ

On Sat, 4 Mar 2006, Dave Killion wrote:

> Sonixxfx,
>
> While I don't have much to offer on exploit-writing in general, I do
> remember when this issue came out, those many years ago.  The original
> jill.c was the first 'kiddie-script-exploit' that I got working effectively
> against remote targets.
>
> Here's all the info I can remember about this issue - I don't know how much
> it you already have:
>
> http://www.microsoft.com/technet/security/bulletin/ms01-023.asp
>
> http://archives.neohapsis.com/archives/bugtraq/2001-05/0006.html
>
> http://www.securityfocus.com/bid/2674/discuss
>
> http://www.cert.org/advisories/CA-2001-10.html
>
> http://nvd.nist.gov/nvd.cfm?cvename=CVE-2001-0241
>
> Here's a link to the exploit C code I mentioned:
>
> http://personal.telefonica.terra.es/web/alexb/e/jill.c
>
> Maybe looking through it, despite your lack of C knowledge, will help some.
> It really is compile-and-own script-kiddie-friendly code.
>
> I hope these help...
>
> --
> Dave Killion, CISSP
> Contributing Author, Configuring NetScreen Firewalls
>
> On 3/3/06, Sonixxfx <sonixxfx at gmail.com> wrote:
> > It seems to me it would be good to do additional reading on this subject.
> > I have seen some intresting things under the links section on the Metasploit
> > website. Please let me know about other material I should read, especially
> > if it would be a good addtion to Vinnie Liu's Chapter.
> >
> > Thanks.
> >
> > Regards,
> >
> > Ben