Vulnerability Development mailing list archives

Re: remote exploit


From: 11a () GMX NET (Bluefish)
Date: Sun, 9 Jul 2000 19:37:22 +0200


Ah, *now* I get it ;) Sorry, no morning coffee ...

I thought he was within the shellcode and wanted to jump somewhere from
it. I suppose he could set return address to another buffer if he can put
information somewhere with an address which doesn't contain a null (global
variable mayhap?)... Unless "all" addresses begin with 0x00, it ought to
be possible to exploit. But it could take a lot of work to locate where to
put it (nothing I have practical experience of, unfortunately)

Wouldn't work, since to be able to mov ax,A you have to be able to execute
code.
His problem is getting the right values on the stack to actually be able to
execute anything.

I can't see any solution, except maybe returning into libc or whatever.

--Ralph


..:::::::::::::::::::::::::::::::::::::::::::::::::..
     http://www.11a.nu || http://bluefish.11a.nu  
    eleventh alliance development & security team       

