OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Re: [Dailydave] Dailydave Digest, Vol 13, Issue 12

From: Mefire Omar (massaiut-dhaka.edu)
Date: Fri Sep 01 2006 - 04:59:35 CDT

Hi

Please , i would like to know what exactly to read and what to study to be
able to develop exploits and know what most of the guys writing to this mail
list know ...
can you please give me some answers and if possible , also give me
references to certain books .

Thanks

--------- Original Message --------
From: dailydavelists.immunitysec.com
To: dailydavelists.immunitysec.com <dailydavelists.immunitysec.com>
Subject: Dailydave Digest, Vol 13, Issue 12
Date: Thu 08/24/06 11:01 PM

>
> Send Dailydave mailing list submissions to
> dailydavelists.immunitysec.com
>
> To subscribe or unsubscribe via the World Wide Web, visit
> http://lists.immunitysec.com/mailman/listinfo/dailydave
> or, via email, send a message with subject or body 'help' to
> dailydave-requestlists.immunitysec.com
>
> You can reach the person managing the list at
> dailydave-ownerlists.immunitysec.com
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Dailydave digest..."
>
>
> Today's Topics:
>
> 1. odd exploitation question (Jeremy Kelley)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Thu, 24 Aug 2006 10:10:59 -0500
> From: Jeremy Kelley
> Subject: [Dailydave] odd exploitation question
> To: dailydavelists.immunitysec.com
> Message-ID:
> Content-Type: text/plain; charset=us-ascii
>
> I'm a little stumped writing an exploit for an ActiveX object and so I
> figured I'd pester this list for a bit of help.
>
> My exploit works flawlessy when attached to the process in the
> debugger. Doesn't exec calc.exe when run w/o a debugger.
>
> I'm overwriting an SEH func pointer, doing the pop/pop/ret back into
> my shellcode, and everything runs fine. The payload is a simple
> _execv call that pops up calc.exe. Platform at this point is
> Win2k/IE6.
>
> Questions:
>
> 1) The heap is different when run under a debugger (thx HD for the
> tip), but, I'm attaching the process with Olly _after_ it's already
> running. Windows doesn't do some whacked-out mojo and start using the
> debug-heap on any heap allocations following, right? I can't fathom
> how that would work.
>
> 2) What could cause the shellcode to execute flawlessly under a
> debugger but not other times. It's an exec - so I can't imagine the
> process is dying before it's kickstarted calc.exe.. exec doesn't work
> that way.
>
> Any help is greatly appreciated. If I've left out necessary details,
> I'll be glad to share.
>
> thanks for reading this far,
> jeremy
>
> --
> Jeremy Kelley Threat Assessment Analyst
> gpg 1024D/E0DF8B2D 4BC3 B8B5 5B42 CC8E B6A9 2E85 32D3 C51C E0DF 8B2D
> That's the problem with science. You've got a bunch of empiricists
> trying to describe things of unimaginable wonder. -Bill Watterson
>
>
> ------------------------------
>
> _______________________________________________
> Dailydave mailing list
> Dailydavelists.immunitysec.com
> http://lists.immunitysec.com/mailman/listinfo/dailydave
>
>
> End of Dailydave Digest, Vol 13, Issue 12
> *****************************************
>
>
>
>

__________________________________________
Message sent through the Mailserver of IUT

_______________________________________________
Dailydave mailing list
Dailydavelists.immunitysec.com
http://lists.immunitysec.com/mailman/listinfo/dailydave