Vulnerability Development mailing list archives

Re: Exploiting network services question


From: Vade 79 <v9 () fakehalo deadpig org>
Date: 13 Dec 2004 21:12:54 -0000

In-Reply-To: <5495.1102965153 () www20 gmx net>


Hi everyone,

I have a question regarding the exploitation of network services.
If I send the following string to a service

["A"x78]["abcd"][junk - up to 430 bytes]

I can control eip with "abcd". How can I exploit this? Is there a good
tutorial that I should read? Unfortunately I did not find anything useful
with google...

Well, I take it your problem is the limitation of 78 bytes to place the shellcode.  If so, oftentimes you can place
the shellcode (with nops) after the point of the overflow, i.e. 82nd byte onward in your case.  However it is also
possible, depending on your situation, for that memory to get mangled along the way; if that is the case try placing
your shellcode somewhere else in memory (before you cause the overflow)... if all else fails 78 bytes of shellcode room
is a moderately decent amount of instructions to work with, doesn't leave much guessing room though :/

If I misunderstood the situation, please reply with more direct information.
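For readers coming at this thread from the defensive side, the pattern the question describes (a fixed-size buffer on the stack, with the saved return address sitting 78 bytes past its start) comes from an unbounded copy of network input. The snippet below is an added illustration written for this archive page, not code from either poster or from the service in question: `handle_request_unsafe` shows the defect, `handle_request_safe` is the bounded version that rejects anything that does not fit, and `build_oversized_request` constructs a test input shaped like the one in the question (78 filler bytes, four bytes at the return-address slot, 430 bytes of filler). All function names and the 1024-byte scratch buffer are assumptions for the example.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Hypothetical request handler for a network service, constructed for this
 * example. REQ_BUF_LEN matches the 78-byte distance to the saved return
 * address that the question reports; nothing else here is from the thread. */
#define REQ_BUF_LEN 78

/* Vulnerable form: strcpy copies until the NUL in the request, so anything
 * 78 bytes or longer runs past buf into the saved frame pointer and return
 * address (the "abcd" that ends up in EIP). Shown only to name the defect;
 * it is never called with oversized input in this file. */
void handle_request_unsafe(const char *request)
{
    char buf[REQ_BUF_LEN];
    strcpy(buf, request);
    (void)buf;
}

/* Hardened form: the caller passes the length it actually received, the
 * handler refuses anything that does not fit with a terminator, and the
 * copy itself is bounded. Returns 0 when processed, -1 when rejected. */
int handle_request_safe(const char *request, size_t request_len)
{
    char buf[REQ_BUF_LEN];

    if (request_len >= sizeof buf)   /* 78 bytes or more cannot fit plus NUL */
        return -1;
    memcpy(buf, request, request_len);
    buf[request_len] = '\0';
    /* ... parse buf here ... */
    return 0;
}

/* Build a constructed oversized request shaped like the one in the
 * question: 78 filler bytes, four bytes where the saved return address
 * would be overwritten, then 430 bytes of filler. Returns the length
 * written, or 0 if out_cap is too small. */
size_t build_oversized_request(char *out, size_t out_cap)
{
    size_t tail = 430;                       /* "junk - up to 430 bytes" */
    size_t total = REQ_BUF_LEN + 4 + tail;   /* 512 bytes */

    if (total > out_cap)
        return 0;
    memset(out, 'A', REQ_BUF_LEN);
    memcpy(out + REQ_BUF_LEN, "abcd", 4);
    memset(out + REQ_BUF_LEN + 4, 'B', tail);
    return total;
}

/* Returns 1 when the hardened handler rejects the oversized request and
 * still accepts a request that fits; 0 otherwise. */
int hardened_handler_behaves(void)
{
    char req[1024];
    size_t len = build_oversized_request(req, sizeof req);

    if (len == 0 || handle_request_safe(req, len) != -1)
        return 0;
    if (handle_request_safe("HELO example", 12) != 0)
        return 0;
    return 1;
}

int main(void)
{
    char req[1024];
    size_t len = build_oversized_request(req, sizeof req);

    printf("oversized request (%zu bytes): %s\n", len,
           handle_request_safe(req, len) == -1 ? "rejected" : "accepted");
    /* Boundary: 77 bytes still fits with its terminator, 78 does not. */
    printf("77-byte request: %s\n",
           handle_request_safe(req, 77) == 0 ? "accepted" : "rejected");
    printf("78-byte request: %s\n",
           handle_request_safe(req, 78) == 0 ? "accepted" : "rejected");
    return 0;
}
```

The boundary check is the part worth copying: the test in the safe handler is `>=`, not `>`, because a 78-byte payload needs a 79th byte for the terminator, and an off-by-one there is how a "one byte past the buffer" write reaches the saved frame pointer.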

