[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Exploiting network services question

James Longstreet wrote:
> On Mon, 13 Dec 2004 just-a-nick@xxxxxxx wrote:
>>I have a question regarding the exploitation of network services.
>>If I send the following string to a service
>>["A"x78]["abcd"][junk - up to 430 bytes]

> I'm not sure I understand your question.  Does the value you put in for
> eip have to be alphabetic, or is the "abcd" simply notation for "anything
> I want?"

It is (nearly) anything I want, it has to be printable...

> Both are exploitable -- at least theoretically.  If the return address
> can be anything you want, and if that 430 bytes of junk is also
> controlled by you, put a payload there.  Find out the address of
> that payload (hint: use gdb), and replace "abcd" with that address.

But the service is remote, so I can't use gdb... Is there an elegant way to
exploit this kind of vulnerabilities or do I have to brute-force it?

+++ Sparen Sie mit GMX DSL +++ http://www.gmx.net/de/go/dsl
AKTION für Wechsler: DSL-Tarife ab 3,99 EUR/Monat + Startguthaben