|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: problem in off by one overflow
From: Alex (alex00882007
gmail.com)
Date: Mon Feb 07 2005 - 14:01:13 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Mon, 07 Feb 2005 09:08:45 -0800 (PST), Breno Pinto
<brenosecforum.com.br> wrote:
>
>
> Hi,
>
> I have problem to exploit an off by one vulnerability. When i overwrite ebp with some data and i´t point to my NOPS, i receive an SIGSEGV message.
>
> SIGSEGV message in 0x90909090 ??
>
> I´m using red hat 7.3 and gcc 2.95.
>
> Anybody knows why 0x90909090 broke my exploitation ?
>
> Thanks
>
>
> Breno
>
Is eip pointing to 0x90909090? The problem is quite simple.
The base pointer is not over-written with the address of the
destination. Instead, it should be over-written with a pointer to the
address of your destination.
The EIP you see there is most likely the first 4 bytes of your
shellcode, NOP=0x90 on x86 intel.
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]