Re: Exploit Development Help

[Craig Freyman <craigfreyman () gmail com>]

I've read those tutorials, they're awesome. I'll go re-read them!

On Tue, Jan 11, 2011 at 8:52 AM, Kevin Shaw <kevin.lee.shaw () gmail com>wrote:

> Craig: I'm no expert but I've been working at some of these. I can't find
> the corelan(?) tutorials at the moment but they help learning the memory
> space and how to get around in it. You may need something other than EIP..
>
> On Jan 11, 2011 8:21 AM, "Craig Freyman" <craigfreyman () gmail com> wrote:
> > I've discovered a software bug and I've been trying to figure out if it
> is
> > exploitable. I was wondering if anyone on the list has exploit
> development
> > experience and would be willing to give me a hand. It's not on any well
> > known software so it might be boring to most, but it's very exciting to
> me!
> > So, I imagine that help would come from a generous soul willing to lend a
> > hand :)
> >
> > My bug crashes an application consistently and overwrites the return
> address
> > but then does strange things. I've been told by jduck at Metasploit that
> > this might be exploitable but after reading everything I've found, I'm
> not
> > sure what I'm missing. I am comfortable with basic buffer overflows but
> this
> > one does not appear to be basic. I am certain it is not an SEH overflow
> but
> > can show that EIP is overwritten and I also know the offset.
> >
> > Let me know if anyone is willing to give me some advice. I'll show you my
> > exploit code and give you the software make/version as well.
> >
> > Thanks,
> > Craig
>
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom () mail pauldotcom com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com