Re: problem to exploit a stack overflow

6d79676d61696c6163636f756e74gmail.com
Date: Wed May 25 2005 - 11:25:25 CDT


In-Reply-To: <433ee3d9050524070923ba6ab5mail.gmail.com>

>so the access violation happened (this time) in the beginning of the
>shellcode!!!? is that a security feature in XP SP2? or something
>else? can someone help me to understand this.
>thank you
>

You have overwritten ebp with NOPs... then you are trying to mov the value 63h to ebp-4 and you get an access violation.

Basically what you are trying to do with your shellcode is call the WinExec routine on "cmd" - and for that you are trying to push "cmd" onto the stack, then push a null, then call WinExec.

Unfortunately for you, ebp is not pointing to the stack - you have corrupted it with NOPs. But since you got control of the CPU, you can move whatever value to whatever (accessible) location and fix things...
Also, you can reset all the registers to whatever values you want.

Good luck