Re: problem to exploit a stack overflow
2005-05-25, 6d79676d61696c6163636f756e74 gmail com
In-Reply-To: <433ee3d9050524070923ba6ab5 (at) mail.gmail (dot) com [email concealed]>
> so the access violation happened (this time) in the beginning of the
> shellcode !!!? Is that a security feature in XP SP2? Or something else?
> Can someone help me to understand this.
> thank you
You have overwritten ebp with nops... then you [ more ]

problem to exploit a stack overflow
2005-05-24, migalo digalo (l epsilon gmail com) (1 reply)

Re: PEB heap exploitation question
2005-05-24, nolimit bugtraq (nolimit bugtraq gmail com)
Hello 6d79676d61696c6163636f756e74,
It's a shame that there's not as much documentation on this subject as on stack overflows. It's a complex subject, and as such can only be explained by a handful of people.
http://cansecwest.com/csw04/csw04-Oded+Connover.ppt
This is one of the prominent sources abou [ more ]

problem to exploit a stack overflow
2005-05-22, migalo digalo (l epsilon gmail com) (1 reply)
hi all, first post :-D
ok, ok, I am trying to exploit an example of a stack overflow vulnerable prog:
[code]
#include <stdlib.h>
#include <stdio.h>

int bof()
{
    char buffer[8];
    FILE *badfile = NULL;

    badfile = fopen( "badfile", "r" );
    if (badfile) printf("[+]file open\n");
    fread( buffer, sizeof( char ), 10
[/code]
[ more ]

PEB heap exploitation question
2005-05-21, 6d79676d61696c6163636f756e74 gmail com
Hello folks,
I am trying to modify an exploit to use the PEB method to exploit a heap overflow which currently overwrites the unhandled exception filter. What I have tried doing is to make 2 writes: the first, overwriting the FastPEBLockRoutine pointer to a writable address inside the PEB, then [ more ]

JavaMail Information Disclosure (msgno)
2005-05-19, Ricky Latt (ygnboyz gmail com)
"The JavaMail API provides a platform-independent and protocol-independent framework to build mail and messaging applications. The JavaMail API is implemented as a Java platform optional package and is also available as part of the Java 2 platform, Enterprise Edition. JavaMail provides a common, u [ more ]

Exploitation Help
2005-05-17, ramatkal hotmail com (2 replies)
Several questions on a remote stack overflow I am trying to exploit on Windows 2k/XP/2003. I send a GET request to a vulnerable web server; when the Authorization header is 250 bytes long, a buffer overflow occurs and I have full control over EIP. However, if the Authorization header is larger [ more ]

procps (vmstat) -p argument stack overflow
2005-05-17, "A. Alejandro Hernández" (nitrous danitrous org) (1 reply)
Product: PROCPS The /proc file system utilities (vmstat)
URL Vendor: http://procps.sourceforge.net/
Affected version: 3.2.5
Error Type: Boundary Condition Error
Risk: Low [ But high if vmstat is a suid binary ]
Tested on: Ubuntu Linux 2.6.8.1-3-386
Author: A. Alejandro Hernández Hernández <nitrous@d [ more ]

!! Conference Program Computer Security Mexico 2005 !!
2005-05-17, Seguridad en Computo - UNAM (seguridad seguridad unam mx)

New Free Tool - Foundstone .NET Mon
2005-05-13, Curphey, Mark (mark curphey foundstone com)
We are pleased to release another free tool for your pleasure....
For the Impatient
Download Binaries - http://www.foundstone.com/resources/termsofuse.htm?file=dotnetmon.zip
Download User Guide - http://www.foundstone.com/resources/downloads/Foundstone_DOTNETMon_White paper.pdf
For the Less Impa [ more ]

Ethereal v0.9.13 to v0.10.10 DISTCC Denial of Service Exploit (Buffer Overflow)
2005-05-11, David Jungerson (david-jungerson web de)
From the original Ethereal Advisory on http://ethereal.com/appnotes/enpa-sa-00019.html : `The DISTCC dissector was susceptible to a buffer overflow. Discovered by Ilja van Sprundel. Versions affected: 0.9.13 to 0.10.10'. Just had a quick look at it, but the exploit is a classical signed vs. unsigned [ more ]

Announcement: The Web Security Mailing List
2005-05-08, contact webappsec org
The Web Application Security Consortium (WASC) is proud to present 'The Web Security Mailing List'.
What is The Web Security Mailing List?
The Web Security Mailing List is an open information forum for discussing topics relevant to web security. Topics include, but are not limited to, industry ne [ more ]

top (procps-2.0.7-25) vulnerability
2005-05-07, WINNY THOMAS (winnymthomas yahoo com) (2 replies)
While running top on a tool of mine to do a profiling test, the top command ran into a segmentation fault. I could find two instances where the command could misbehave:
1. if you have junk data inside a file .toprc in your home directory
2. if your environmental v [ more ]

Missing string length check in Horde
2005-05-06, Andrea Parrella (yap yapsoft it)
The Horde Framework has several classes for the creation of forms. For example, to create a form with a domain field you just have to create an instance of the Horde_Form class and call the addVariable() method.
$form->addVariable(_("Domain name"), "domain_name", "text", true, false, null, array [ more ]

tools for analyzing java code
2005-05-05, Mads Rasmussen (mads opencs com br) (1 reply)
Anyone know any tools to analyze security problems with Java code? I have come across some, like
Lint4j http://www.jutils.com/index.html
CodePro Analytix http://www.instantiations.com/codepro/download.asp
Jtest http://www.parasoft.com/jsp/products/home.jsp?product=Jtest&itemId=14
Parasoft's J [ more ]

Black Hat USA 2005 Reminder CFP closing soon!
2005-04-27, Jeff Moss (jmoss blackhat com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
The Black Hat USA 2005 Call for Papers closes May 1st! Do not hesitate to submit your presentation, as time is running out. This is your chance to present in front of the largest Black Hat to date, and share your knowledge with your peers. For more detai [ more ]

ADV: NetTerm's NetFtpd 4.2.2 Buffer Overflow + PoC Exploit
2005-04-26, shadown (shadown gmail com)
See attached files.
Cheers,
shadown
--
Sergio Alvarez
Security, Research & Development
IT Security Consultant
email: shadown (at) gmail (dot) com [email concealed]
This message is confidential. It may also contain information that is privileged or otherwise legally exempt from disclosure. If you have received it by mistake [ more ]

why chmod race conditions are bad
2005-04-21, Imran Ghory (imranghory gmail com)
This message was rejected by bugtraq, but as I think it contains some useful explanations I decided to post it here instead.
---------- Forwarded message ----------
From: Imran Ghory <imranghory (at) gmail (dot) com [email concealed]>
To: bugtraq (at) securityfocus (dot) com [email concealed]
Date: Sat, 16 Apr 2005 [ more ]

Recon 2005 - Speakers list
2005-04-20, dataworm (dataworm violating us)
RECON 2005
Montreal, Quebec, Canada
17 - 19 June 2005
We are pleased to announce the final paper selection for the RECON conference. RECON is a computer security conference taking place in downtown Montreal from the 17th to the 19th of June 2005. Please take note that we have extended the early [ more ]
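The "classical signed vs. unsigned" mistake that the Ethereal DISTCC post above refers to, shown as an added example: this is constructed code in dissector style, not Ethereal's DISTCC dissector and not the poster's exploit. The wire format (a 4-byte big-endian length followed by payload, copied into a 64-byte scratch buffer) and the sample records are assumptions made for the demonstration. The vulnerable check keeps the length in a signed int, so a length field of 0xFFFFFE00 compares as -512, passes the "bigger than the buffer?" test, and would then be handed to memcpy as a size_t of 0xFFFFFE00. The hardened version keeps the length unsigned and also bounds it against the bytes actually present.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Added example (not Ethereal's DISTCC dissector): a toy record parser in
 * dissector style. The wire format is assumed: a 4-byte big-endian length
 * followed by that many payload bytes, copied into a fixed scratch buffer. */
#define SCRATCH 64

/* Constructed sample records, not captured traffic. */
static const uint8_t GOOD_REC[] = { 0x00, 0x00, 0x00, 0x05, 'h', 'e', 'l', 'l', 'o' };
/* Length field 0xFFFFFE00: read as a signed 32-bit value this is -512. */
static const uint8_t EVIL_REC[] = { 0xFF, 0xFF, 0xFE, 0x00, 'A', 'B', 'C', 'D' };

static uint32_t read_be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Vulnerable pattern: the length lands in a signed int and the bounds check is
 * a signed comparison. Returns 1 when the check lets the copy through, 0 when
 * it rejects. The memcpy itself is left in a comment so this is safe to run.
 * (Assumes two's complement for the uint32 -> int32 conversion.) */
int vulnerable_length_check_passes(const uint8_t *rec, size_t rec_len) {
    if (rec_len < 4) return 0;
    int32_t len = (int32_t)read_be32(rec);    /* 0xFFFFFE00 -> -512 */
    if (len > SCRATCH) return 0;              /* -512 > 64 is false: passes */
    /* memcpy(scratch, rec + 4, len);  -- len is converted to size_t here and
     * becomes 0xFFFFFE00, so the copy runs far past both buffers. */
    return 1;
}

/* Hardened pattern: keep the length unsigned and bound it against both the
 * destination and the bytes actually present in the record. */
int safe_parse(const uint8_t *rec, size_t rec_len, uint8_t *scratch, size_t *out_len) {
    if (rec_len < 4) return 0;
    uint32_t len = read_be32(rec);
    if (len > SCRATCH) return 0;              /* 0xFFFFFE00 > 64: rejected */
    if (len > rec_len - 4) return 0;          /* claims more than the record holds */
    memcpy(scratch, rec + 4, len);
    *out_len = len;
    return 1;
}

/* Wrappers so the two behaviours can be checked without touching raw buffers. */
int demo_vulnerable_accepts_negative(void) {
    return vulnerable_length_check_passes(EVIL_REC, sizeof EVIL_REC);
}

int demo_safe_rejects_negative(void) {
    uint8_t scratch[SCRATCH]; size_t n = 0;
    return safe_parse(EVIL_REC, sizeof EVIL_REC, scratch, &n) == 0;
}

size_t demo_safe_copies_good(void) {
    uint8_t scratch[SCRATCH]; size_t n = 0;
    return safe_parse(GOOD_REC, sizeof GOOD_REC, scratch, &n) ? n : 0;
}

int main(void) {
    printf("vulnerable check accepts 0xFFFFFE00: %d\n", demo_vulnerable_accepts_negative());
    printf("safe parse rejects 0xFFFFFE00:     %d\n", demo_safe_rejects_negative());
    printf("safe parse copies good record:     %zu bytes\n", demo_safe_copies_good());
    return 0;
}
```

The second check in safe_parse matters as much as the first: a length that fits the scratch buffer but exceeds the captured packet still reads past the end of the input, which is the other half of what a dissector has to defend against.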
I am trying to exploit a vulnerable server which only allows
alphanumeric characters.
I have successfully taken control of EIP and now need to do a jump of -600
bytes.
The problem is that 'eb' and 'e9' are not alphanumeric ASCII codes and
thus cannot be used to do the jumps in the payload.
[ more ]