[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Exploiting network services question



In-Reply-To: <5495.1102965153@xxxxxxxxxxxxx>


>Hi everyone,
>
>I have a question regarding the exploitation of network services.
>If I send the following string to a service
>
>["A"x78]["abcd"][junk - up to 430 bytes]
>
>I can control eip with "abcd". How can I exploit this? Is there a good
>tutorial that I should read? Unfortunately I did not find anything usefull
>with google...

Well, i take it your problem is the limitation of 78 bytes to place the shellcode.  If so, often times you can place the shellcode(with nops) after the point of the overflow, ie. 82nd byte onward in your case.  However it is also possible, depending on your situation, for that memory to get mangled along the way, if that is the case try placing your shellcode somewheres else in memory(before you cause the overflow)...if all else fails 78 bytes of shellcode room is moderatly decent amount of instructions to work with, doesn't leave much guessing room though :/

if i misunderstood the situation, please reply with more direct information.