|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Nicolas Waisman (nicolas.waisman
immunitysec.com)
Date: Wed May 30 2007 - 10:00:38 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Sounds like a good option, but not a reliable one, cause you need to know
the address of where that NULL terminator is. (And then, you will be end
up relying on addys)
Is there a generic address we can ++?
Nico
On Wed, May 30, 2007 at 02:27:30PM +0100, Chris Anley wrote:
> How about using the increment to remove the null terminator on the end of a string? Maybe that way you could turn the increment into a more conventional overflow or format string?
>
> -chris.
>
>
> ----- Original Message -----
> From: dailydave-bounceslists.immunitysec.com <dailydave-bounceslists.immunitysec.com>
> To: dailydavelists.immunitysec.com <dailydavelists.immunitysec.com>
> Sent: Wed May 30 07:13:10 2007
> Subject: [Dailydave] A 3 a.m. Riddle
>
> Lets have a fun riddle to cheer up the spirit ( Mate at 11pm, its all
> night insomnia.)
>
> The riddle: Let said you are trying to exploit a remote service on an
> old Windows 2000 (whatever SP you want) and the primitive is the following
> inc [edi] // you control edi
>
> What would be the best option for edi?
>
>
> Nico
>
> _______________________________________________
> Dailydave mailing list
> Dailydavelists.immunitysec.com
> http://lists.immunitysec.com/mailman/listinfo/dailydave
> --
> E-MAIL DISCLAIMER
>
> The information contained in this email and any subsequent
> correspondence is private, is solely for the intended recipient(s) and
> may contain confidential or privileged information. For those other than
> the intended recipient(s), any disclosure, copying, distribution, or any
> other action taken, or omitted to be taken, in reliance on such
> information is prohibited and may be unlawful. If you are not the
> intended recipient and have received this message in error, please
> inform the sender and delete this mail and any attachments.
>
> The views expressed in this email do not necessarily reflect NGS policy.
> NGS accepts no liability or responsibility for any onward transmission
> or use of emails and attachments having left the NGS domain.
>
> NGS and NGSSoftware are trading names of Next Generation Security
> Software Ltd. Registered office address: 52 Throwley Way, Sutton, SM1
> 4BF with Company Number 04225835 and VAT Number 783096402
_______________________________________________
Dailydave mailing list
Dailydavelists.immunitysec.com
http://lists.immunitysec.com/mailman/listinfo/dailydave
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]