Penetration Testing mailing list archives
Re: can this overflow lead to exploitation?
From: ArcSighter Elite <arcsighter () gmail com>
Date: Wed, 11 Feb 2009 09:01:31 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

pen-test wrote:

> Hi all,
>
> Just need some help exploiting a doubted buffer overflow. Well, the scenario is, I found a cute little app of my friend, vulnerable to overflow(?). But I can't say at this time whether it's exploitable or not. That's why I need help.
>
> Ok, what do you do when you doubt there's a chance of exploitation, if an app gets crashed when given an arbitrarily long URL/filename? In my case the app crashed with a MessageBox from the exception handler that the "app terminated unexpectedly" and giving a dmp. I just ran the mem dump through VS 2005 and got "an Unhandled exception at 0x019f57b0 in app.exe: 0xC0000005: Access violation writing location 0xd357a29f." Seems a null pointer usage, but not sure. Hmmm, following me?
>
> Now please help me analyse the case and if exploitable, how? Any online documentation, e-books? Above all any experts in buff overflow exploitation?
>
> Thanks ahead,
> Tom

As I already said a lot of times, it's practically impossible to give people feedback with such little information. But you must know that in most cases where you can leverage an arbitrary DWORD overwrite, then it will probably be more than exploitable; of course, in the case you can control that address (and have a buffer in control, too, of course, to egghunt or not).

Following the code path would give you more information, but the fact is that yes, at first glance it may be exploitable, but you have to consider the other issues, the code and data flow, input manipulation, protections in place, etc.

Sincerely.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFJkto7H+KgkfcIQ8cRAicbAKDmNkXb8fFWxs7yRaecnAkYIHkqYQCfYdyG
DkMra44S7ebAfl4qusGThvU=
=dYSU
-----END PGP SIGNATURE-----
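The reply above turns on one observation the original poster missed: a write access violation at 0xd357a29f is not a null-pointer dereference, because the faulting address is nowhere near the null page. That is the first question a crash triage step asks. The following is an added example, not code from either poster: a small Python triage helper that parses a Visual Studio style "Unhandled exception" line and ranks it by the usual first-pass heuristics (read vs. write, near-null vs. far address, instruction pointer equal to the fault address). The three sample lines are constructed for the example; only the first is the one quoted in the thread, the 64 KiB null-page threshold is an assumed heuristic, and the severity labels are this example's own.

```python
import re
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed samples: the first line is the exception text quoted in the
# thread; the other two are made-up variants for comparison, not real crashes.
SAMPLE_MESSAGES = [
    "Unhandled exception at 0x019f57b0 in app.exe: 0xC0000005: "
    "Access violation writing location 0xd357a29f.",
    "Unhandled exception at 0x00401000 in app.exe: 0xC0000005: "
    "Access violation reading location 0x00000000.",
    "Unhandled exception at 0x41414141 in app.exe: 0xC0000005: "
    "Access violation reading location 0x41414141.",
]

# Matches the Visual Studio debugger wording for STATUS_ACCESS_VIOLATION (0xC0000005).
_AV_RE = re.compile(
    r"exception at 0x([0-9a-fA-F]+) in (\S+): 0x([0-9a-fA-F]+): "
    r"Access violation (reading|writing) location 0x([0-9a-fA-F]+)"
)

# Assumed heuristic: the lowest 64 KiB of a Windows user-mode address space is
# never mapped, so a fault there is treated as a near-null dereference.
NULL_PAGE_LIMIT = 0x10000


@dataclass
class AccessViolation:
    pc: int          # instruction pointer at the time of the fault
    module: str      # module name reported by the debugger
    code: int        # NTSTATUS exception code
    access: str      # "reading" or "writing"
    address: int     # faulting data address


def parse_av(message: str) -> Optional[AccessViolation]:
    """Parse one debugger exception line; return None if it is not an AV line."""
    m = _AV_RE.search(message)
    if m is None:
        return None
    pc, module, code, access, address = m.groups()
    return AccessViolation(int(pc, 16), module, int(code, 16), access, int(address, 16))


def triage(av: AccessViolation) -> Tuple[str, str]:
    """First-pass severity for an access violation, with the reason."""
    if av.access == "reading" and av.pc == av.address:
        return ("high", "instruction pointer equals fault address: "
                        "control flow reached unmapped memory")
    if av.address < NULL_PAGE_LIMIT:
        return ("low", "near-null dereference: usually a missing check, "
                       "rarely attacker-controllable")
    if av.access == "writing":
        return ("high", "write to a far, non-null address: "
                        "write-what-where candidate, check whether input reaches it")
    return ("medium", "read from a far, non-null address: needs code-path analysis")


def triage_message(message: str) -> Tuple[str, str]:
    """Convenience wrapper: parse and triage, or report an unrecognised line."""
    av = parse_av(message)
    if av is None:
        return ("unknown", "not an access-violation line")
    return triage(av)


if __name__ == "__main__":
    for msg in SAMPLE_MESSAGES:
        severity, reason = triage_message(msg)
        print(f"{severity:7s} {reason}  <- {msg}")
```

The thread's own crash lands in the "high" bucket purely from the report text: the fault is a write, the address is far from null, and the value 0xd357a29f does not look like a fixed structure address. As the reply stresses, that is only a reason to follow the code path; the heuristic cannot tell whether the input actually controls the written address or value.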
Current thread:
- can this overflow lead to exploitation? pen-test (Feb 10)
- Re: can this overflow lead to exploitation? shellcoder1 (Feb 11)
- Message not available
- Re: can this overflow lead to exploitation? pen-test (Feb 11)
- Re: can this overflow lead to exploitation? ArcSighter Elite (Feb 12)
- Re: can this overflow lead to exploitation? Sanjay R (Feb 18)
- Message not available
- Re: can this overflow lead to exploitation? shellcoder1 (Feb 11)