Vuln Dev
Re: Re: 3COM TFTPD Overflow: SEH Overwrite
Feb 08 2008 09:08AM
lists skilltube com
Quoting jeremy.junginger (at) gmail (dot) com:

> I was asking if ws2_32.dll was compiled with SafeSEH (didn't know
> about the Olly plugin). Regarding the return address...I already
> have control of EIP, but can't point it directly to the stack, so
> I'm searching for a module with a suitable return address (with
> pop/pop/ret) to help me get back to that buffer. The issue was with
> the return address I was pointing to, and the fact that the
> module was compiled with SafeSEH. Is that enough detail?
>

Nope, you didn't answer my question regarding the vulnerability you
are trying to exploit. If it turns out to be the transporting mode
issue, then the best place to look for a working return address is the
binary itself. Very reliable and still enough space for the shellcode.

regards
-S

----------------------------------
SkillTube.com

Copyright 2010, SecurityFocus