I've read those tutorials, they're awesome. I'll go re-read them!

On Tue, Jan 11, 2011 at 8:52 AM, Kevin Shaw <[email protected]> wrote:
> Craig: I'm no expert but I've been working at some of these. I can't find
> the corelan(?) tutorials at the moment but they help learning the memory
> space and how to get around in it. You may need something other than EIP..
>
> On Jan 11, 2011 8:21 AM, "Craig Freyman" <[email protected]> wrote:
>
> > I've discovered a software bug and I've been trying to figure out if it is
> > exploitable. I was wondering if anyone on the list has exploit development
> > experience and would be willing to give me a hand. It's not on any well
> > known software so it might be boring to most, but it's very exciting to me!
> > So, I imagine that help would come from a generous soul willing to lend a
> > hand :)
> >
> > My bug crashes an application consistently and overwrites the return address
> > but then does strange things. I've been told by jduck at Metasploit that
> > this might be exploitable but after reading everything I've found, I'm not
> > sure what I'm missing. I am comfortable with basic buffer overflows but this
> > one does not appear to be basic. I am certain it is not an SEH overflow but
> > can show that EIP is overwritten and I also know the offset.
> >
> > Let me know if anyone is willing to give me some advice. I'll show you my
> > exploit code and give you the software make/version as well.
> >
> > Thanks,
> > Craig
>
> _______________________________________________
> Pauldotcom mailing list
> [email protected]
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
