Subject: Re: remote exploit
From: Bluefish (11aGMX.NET)
Date: Sun Jul 09 2000 - 12:37:22 CDT


Ah, *now* I get it ;) Sorry, no morning coffee ...

I thought he was within the shellcode and wanted to jump somewhere from
it. I suppose he could set return address to another buffer if he can put
information somewhere with an address which doesn't contain a null (global
variable mayhap?)... Unless "all" addresses begin with 0x00, it ought to
be possible to exploit. But it could take a lot of work to locate where to
put it (nothing I have practical experience of, unfortunately)

> Wouldn't work, since to be able to mov ax,A you have to be able to execute
> code.
> His problem is getting the right values on the stack to actually be able to
> execute anything.
>
> I can't see any solution, except maybe returning into libc or whatever.
>
> --Ralph
>

..:::::::::::::::::::::::::::::::::::::::::::::::::..
     http://www.11a.nu || http://bluefish.11a.nu
    eleventh alliance development & security team