Re: Exploiting network services question
James Longstreet wrote:
> On Mon, 13 Dec 2004 just-a-nick@xxxxxxx wrote:
>>I have a question regarding the exploitation of network services.
>>If I send the following string to a service
>>["A"x78]["abcd"][junk - up to 430 bytes]
> I'm not sure I understand your question. Does the value you put in for
> eip have to be alphabetic, or is the "abcd" simply notation for "anything
> I want?"
It is (nearly) anything I want, it has to be printable...
> Both are exploitable -- at least theoretically. If the return address
> can be anything you want, and if that 430 bytes of junk is also
> controlled by you, put a payload there. Find out the address of
> that payload (hint: use gdb), and replace "abcd" with that address.
But the service is remote, so I can't use gdb... Is there an elegant way to
exploit this kind of vulnerability, or do I have to brute-force it?