Vulnerability Development mailing list archives

Re: Exploiting network services question


From: James Longstreet <jlongs2 () uic edu>
Date: Fri, 24 Dec 2004 02:46:07 -0600 (CST)


On Tue, 21 Dec 2004 just-a-nick () gmx net wrote:

> It is (nearly) anything I want, it has to be printable...

Hmm.  That might mess up some things... usually on Linux/BSD the stack
starts in the 0xbfbffxxx range and grows down...

> But the service is remote, so I can't use gdb... Is there an elegant way to
> exploit this kind of vulnerability or do I have to brute-force it?

What OS is it running? Is it an open source program? If you can run that
OS on similar (like the same CPU/number of CPUs) and run that program,
then you too can run gdb on it.  The stack should be in a similar place --
you might have to fudge it a bit with a NOP sled, pointing eip somewhere
in the middle of the NOP sled.

