Penetration Testing mailing list archives

Re: can this overflow lead to exploitation?


From: shellcoder1 <shellcoder1 () gmail com>
Date: Wed, 11 Feb 2009 01:16:54 +0300

Can you control any register?
How did you know this is a buffer overflow?
What did you see when you loaded it in a debugger?


I suggest reading about the subject first before going on.

pen-test wrote:
Hi all,

Just need some help exploiting a doubted buffer overflow. Well, the
scenario is, I found a cute little app of my friend, vulnerable to overflow(?).
But I can't say at this time whether it's exploitable or not. That's why I
need help.

OK, what do you do when you doubt there's a chance of exploitation, if an app
gets crashed when given an arbitrarily long URL/filename?

In my case the app crashed with a MessageBox from the exception
handler saying that the "app terminated unexpectedly" and giving a dmp. I just
ran the mem dump through VS 2005 and got "an Unhandled exception at
0x019f57b0 in app.exe: 0xC0000005:Access violation writing location
0xd357a29f." Seems a null pointer usage, but not sure.

Hmmm, following me?

Now please help me analyse the case and, if exploitable, how? Any online
documentation, e-books? Above all, any experts in buffer overflow
exploitation?

Thanks ahead,

Tom



  



