Vulnerability Development mailing list archives

Re: remote exploit

From: core.lists.exploit-dev () CORE-SDI COM (Gerardo Richarte)
Date: Mon, 10 Jul 2000 15:41:08 -0300


Jim Stickley wrote:


Hello,

I can't send it a null so sending \x00\x11\x11\x11 will not work.


If after buffer overflowing you have a register pointing to your code (let's
say EBX) find a JMP EBX in memory in an address that is accesible for you, and
jump there, the JMP EBX will do the rest for you.

        richie


--
A390 1BBA 2C58 D679 5A71 - 86F9 404F 4B53 3944 C2D0
Investigacion y Desarrollo - CoreLabs - Core SDI
http://www.core-sdi.com

--- For a personal reply use gera () core-sdi com

Current thread:

Re: BitchX /ignore bug, (continued)
- - - Re: BitchX /ignore bug Hogenberg, Richard (Jul 07)
    - Re: BitchX /ignore bug Bluefish (Jul 07)
    - Re: BitchX /ignore bug Schlachter, Jake (Jul 07)
    - Re: BitchX /ignore bug Bluefish (Jul 08)
    - Re: BitchX /ignore bug Christofer C. Bell (Jul 08)
    - Re: BitchX /ignore bug Erich Meier (Jul 11)
    - Re: BitchX /ignore bug Ron DuFresne (Jul 07)
    - Re: BitchX /ignore bug Juan M. Courcoul (Jul 07)
    - remote exploit Jim Stickley (Jul 07)
    - Re: remote exploit Bluefish (Jul 08)
    - Re: remote exploit Gerardo Richarte (Jul 10)
    - Re: BitchX /ignore bug Matthew S. Hallacy (Jul 06)
    - Updated Default Account Database Eric Knight (Jul 06)
    - Re: Updated Default Account Database Jesus D. Muz@oz Largo (Jul 12)
    - Re: Updated Default Account Database Nathan Einwechter (Jul 12)
    - some things to play with Firstname Lastname (Jul 13)
    - Re: some things to play with Vladimir Dubrovin (Jul 14)
    - Re: some things to play with Firstname Lastname (Jul 14)
    - Re: some things to play with Vladimir Dubrovin (Jul 17)
    - Red Hat Linux 6.2 - VIM 5.6 Paulo Ribeiro (Jul 12)
    - Re: BitchX /ignore bug Jeremy Gaddis (Jul 06)

(Thread continues...)