Vulnerability Development mailing list archives
Re: remote exploit
From: 11a () GMX NET (Bluefish)
Date: Sun, 9 Jul 2000 19:37:22 +0200
Ah, *now* I get it ;) Sorry, no morning coffee ... I thought he was within the shellcode and wanted to jump somewhere from it. I suppose he could set return address to another buffer if he can put information somewhere with an address which doesn't contain a null (global variable mayhap?)... Unless "all" addresses begin with 0x00, it ought to be possible to exploit. But it could take a lot of work to locate where to put it (nothing I have practical experience of, unfortunately)
Wouldn't work, since to be able to mov ax,A you have to be able to execute code. His problem is getting the right values on the stack to actually be able to execute anything. I can't see any solution, except maybe returning into libc or whatever. --Ralph
..:::::::::::::::::::::::::::::::::::::::::::::::::.. http://www.11a.nu || http://bluefish.11a.nu eleventh alliance development & security team