changes between gcc 2.95 and 3.3
2004-04-13 Joe Hickory (J Hickory gmx net)
Hi, just experimenting with some buffer overflow exploit tutorials. All of them I found are written for programs compiled with gcc 2.95. As I tried them with a gcc 3.2.x they didn't work. Anybody has a hint where I can find some docs explaining the differences between how the gcc version compile t

Re: GNU sharutils 4.2.1 PoC
2004-04-09 Vade 79 (v9 fakehalo deadpig org)
In-Reply-To: <200404091202.i39C21sr051841 (at) mailserver1.hushmail (dot) com [email concealed]>
>below are some details ->
>
>[sharutils-4.2.1/src/shar.c]
>..
>
>static char output_base_name[50];
>
>..
> case 'o':
> strcpy (output_base_name, optarg);
>
>..
>
>sam@slackware:~$ /usr/bin/shar -o `perl -e

GNU sharutils 4.2.1 PoC
2004-04-09 sambooka hushmail com
Hello vuln-dev. I am trying to develop exploit code for the GNU sharutils 4.2.1 vulnerability posted to bugtraq this week -> [http://www.securityfocus.com/archive/1/359639/2004-04-06/2004-04-12/0] but am having a bit of difficulty finding an avenue, anyone got any ideas? Below are some details ->

Metasploit Win32 Shellcode Updates
2004-04-08 H D Moore (sflist digitaloffense net)
Hello everyone, The shellcode section at metasploit.com has been updated with the complete build environment for the Metasploit Framework Win32 payloads. These payloads are fairly small and can be compiled either all at once, or broken up into separate stages to save space. A CGI application

Re: Re: Outlook Mailto URL: vulnerability
2004-04-06 clancy carlson (clancy_carlson hotmail com)
Seamus, thanks, I have heard that people had it working for Outlook Express, however if you look at the advisories such as http://computercops.biz/article-4928-nested-0-0.html they specifically state that Outlook 2002 is vulnerable. Is it just easier to get it to work via Outlook Express, and on

SMTP non delivery notification DoS/DDoS Attacks
2004-04-05 Stefan Frei (stefan frei techzoom net) (1 reply)
Dear list members, My colleagues and I have been doing some research into mail-related vulnerabilities over the last month or two. We discovered that a problem exists within the way non-delivery notifications are sent from many SMTP mail servers. This problem can be successfully (and rather eas

Re: Outlook Mailto URL: vulnerability
2004-04-04 Seamus Grimes (shamusgrimes yahoo com)
In-Reply-To: <BAY13-F65PU2pnUgrMb0003f3db (at) hotmail (dot) com [email concealed]>
Clancy, I understand your problem, I've been working on building a proof of concept for our pen test scripts, but haven't had any luck with it yet. I talked to the developer of the original proof of concept, he's only gotten it working on wi

Outlook Mailto URL: vulnerability
2004-04-02 clancy carlson (clancy_carlson hotmail com)
All, I have been trying to write an exploit for the Outlook Mailto URL vulnerability, but have been unsuccessful up to this point. I have tried on both a Windows 2000 and a Windows XP machine using Outlook 2002. All of the proof of concept code and other documentation does not seem to work. I

Problem rlogin protocol
2004-04-02 Inode (inode mediaservice net)
Hi all, I'm playing with the rlogin protocol under Solaris (but I think it's similar on other Unix systems), and I got some problems. When I try to send a buffer of more than 250 bytes as login name the daemon will output the 0x7 character (beep). I know that with the telnet protocol there are options for permi

IE Bug in Javascript Navigator Object
2004-04-01 Uli Häfele (uli haefele mindlab de) (1 reply)
I discovered a strange thing with MS/IE recently. The Javascript Navigator Object can be written by just adding a property. The following code used within an HTML page <script> navigator.myString = "Hello world"; </script> adds the property myString to the navigator object. The content of the

Re: Buffer Overflows
2004-03-30 npguy (npguy linuxmail org) (1 reply)
Hi, ESP points to the current address of the stack frame. The address is very important to exploit the return address. Take an example of overwriting the return address with a JMP ESP instruction: it simply changes the flow of the program by jumping to the address ESP (Stack Pointer) currently points to.

Buffer Overflows
2004-03-29 luck___ hotmail com (2 replies)
Hi, hope someone could help me with a question I have. Why do many buffer overflow exploits use the %esp before the program has run as the return address? If I'm not wrong then the idea is to return into the buffer, but the %esp before the program is run becomes %ebp during program execution and this

ISS 'Witty' Worm Analyzed
2004-03-23 mattmurphy (at) kc.rr (dot) com [email concealed] (mattmurphy kc rr com)
Dear Lists, I have completed an analysis of the 'Witty' worm that impacts multiple ISS products. The worm is spreading via a very simple UDP propagation algorithm. The unique nature of this worm made it a fascinating piece of code to analyze. The analysis gets into the details of the worm's prop

Analysis of the Exploitation Processes (.pdf)
2004-03-23 Steven Hill (steve covertsystems org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello, "Analysis of the Exploitation Processes" (.pdf) "Covert Systems Research" has drafted together a tutorial defining several of the common types of vulnerabilities together with their counterpart command line exploit sequences. The descriptions

squidguard vulnerability
2004-03-19 Petko Popadiyski (petko freebsd-bg org)
squidGuard is a fast redirector using database stored blacklists. I found that squidGuard is prone to the bug found in squid about the NULL URL character unauthorized access (http://www.securityfocus.com/bid/9778). The vulnerability presents itself when a URI that is designed to access a specific

New security alert #66 issued in Oracle web cache
2004-03-15 Pete Finnigan (plsql petefinnigan com)
Hi everyone, If anyone is interested a new security advisory has been issued by Oracle. Alert number 66 in Oracle web cache. I have added some details about this advisory to my security alerts page which is http://www.petefinnigan.com/alerts.htm kind regards Pete -- Pete Finnigan email:pete@pe

buffer overflows and stack alignment
2004-03-15 Oleg Kolesnikov (digiwind hotmail com)
Hi All, I've been playing around with stack alignment to use multi-byte noops in exploits. I'd like to get some opinions. Currently, most exploits use single-byte instructions in noop sleds. It can be a problem, particularly for polymorphic exploits, e.g. 55/256, sled detection etc. Multi

[oracle] - passwords in clear text and password protected roles bypass
2004-03-14 Pete Finnigan (plsql petefinnigan com)
Hi Everyone, I have just put two short papers on my website, the first discussing clear text password transmissions when changing a user's password in the database and the second discussing the same issue with set role {blah} identified by {blah}. The second paper also discusses an issue I found whe
Hi all,
Where can I gain complete information (papers, tutorials, etc.)
about heap overflow exploitation in a Windows environment?
Is it similar to the Linux dmalloc chunk overflow?
Thank you in advance.