Re: Exploiting network services question

[just-a-nick () gmx net]

James Longstreet wrote:
> On Mon, 13 Dec 2004 just-a-nick () gmx net wrote:
>
>
> > I have a question regarding the exploitation of network services.
> > If I send the following string to a service
> >
> > ["A"x78]["abcd"][junk - up to 430 bytes]

> I'm not sure I understand your question.  Does the value you put in for
> eip have to be alphabetic, or is the "abcd" simply notation for "anything
> I want?"

It is (nearly) anything I want, it has to be printable...

> Both are exploitable -- at least theoretically.  If the return address
> can be anything you want, and if that 430 bytes of junk is also
> controlled by you, put a payload there.  Find out the address of
> that payload (hint: use gdb), and replace "abcd" with that address.

But the service is remote, so I can't use gdb... Is there an elegant way to
exploit this kind of vulnerabilities or do I have to brute-force it?

-- 
+++ Sparen Sie mit GMX DSL +++ http://www.gmx.net/de/go/dsl
AKTION für Wechsler: DSL-Tarife ab 3,99 EUR/Monat + Startguthaben