Re: [Dailydave] XP SP2 - "Exploit writers need to stop being such a pussy"

From: Halvar Flake (HalVargmx.de)
Date: Wed Aug 11 2004 - 12:57:23 CDT


> XP Pro comes with the full IIS (5.1) suite; web server, mail server, ftp
> server, etc. I was testing out some older ISAPI overflows on IIS 5.1 w/XP
> SP2, the only significant difference in exploiting them is that all regs
> (cept ebp, esp) are cleared when the exception handler kicks. It took all
> of 30 seconds or so to get the code working. Simply changing the returns
> from jmp/call reg to pop/pop/[...]/ret [1] fixed it right up. SP2 doesn't
> do much at all for third-party applications.

The stack canary looks static at first glance, too (although I haven't
installed the files).

Anyone played with the memory protection stuff yet?

Cheers,
Halvar


_______________________________________________
Dailydave mailing list
Dailydavelists.immunitysec.com
http://www.immunitysec.com/mailman/listinfo/dailydave