I am trying to exploit a vulnerable server which only allows
alphanumeric characters....

I have successfully taken control of EIP and now need to do a JUMP -600
bytes.....

The problem is, that 'eb' and 'e9' are not alphanumeric asci codes and
thus cannot be used to do the jumps in the payload..

[ more ]  [ reply ]

In-Reply-To: <433ee3d9050524070923ba6ab5 (at) mail.gmail (dot) com [email concealed]>

>so the access violation happend (this time) in the beging of the
>shellcode !!!? is that a security future in xp sp2 ? or samething
>else? can sameone help me to understand this .
>thank you
>

You have overwritten ebp with nops... then you

[ more ]  [ reply ]

hi all,

ok i tested many test with shell that have not 0xcc and 0xc9 ... i
dicided to test it with my own shellcode (a very simple one)
unsigned char shellcode[] =
"\xC6\x45\xFC\x63" /* mov byte ptr [ebp-4],63h*/
"\xC6\x45\xFD\x6D" /* mov byte ptr [ebp-3],6Dh*/
"\xC6\x45\xFE\x64"

[ more ]  [ reply ]

Hello 6d79676d61696c6163636f756e74,

It's a shame that theirs not as much documentation on this subject, as
stack overflows. It's a complex subject, and as such can only be
explained by a handful of people.
http://cansecwest.com/csw04/csw04-Oded+Connover.ppt
This is one of the prominent sources abou

[ more ]  [ reply ]

hi all,

first post :-D

ok,ok i am trying to exploit an example of stack overflow vunerable prog:

[code]#include <stdlib.h>
#include <stdio.h>
int bof()
{
char buffer[8];
FILE *badfile=NULL;

badfile=fopen( "badfile", "r" );
if(badfile)
printf("[+]file open\n");

fread( buffer, sizeof( char ), 10

[ more ]  [ reply ]

Hello folks,

I am trying to modify an exploit to use the PEB method to exploit a heap overflow which currently overwrites the unhandled exception filter.

What I have tried doing is to make 2 writes - the first, overwriting the FastPEBLockRoutine pointer to a writable address inside the PEB, then

[ more ]  [ reply ]

"The JavaMail API provides a platform-independent and protocol-independent framework to build mail and messaging applications. The JavaMail API is implemented as a Java platform optional package and is also available as part of the Java 2 platform, Enterprise Edition. JavaMail provides a common, u

[ more ]  [ reply ]

Several questions on a remote stack overflow i am trying to exploit on windows 2k/XP/2003....

I send a GET request to a vulnerable web server, when the Authorization Header is 250 bytes long, a buffer overflow occurs and i have full control over EIP. However, if the Authorization Header is larger

[ more ]  [ reply ]

Product: PROCPS The /proc file system utilities (vmstat)
URL Vendor: http://procps.sourceforge.net/
Affected version: 3.2.5
Error Type: Boundary Condition Error
Risk: Low [ But high if vmstat is a suid binary ]
Tested on: Ubuntu Linux 2.6.8.1-3-386
Author: A. Alejandro Hernández Hernández <nitrous@d

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----

========================================================================

Computer Security Mexico 2005
"11th Years celebrating Computer Security Mexico"

Palacio de Mineria
May 26th - M

[ more ]  [ reply ]

We are pleased to release another free tool for your pleasure....

For the Impatient

Download Binaries -
http://www.foundstone.com/resources/termsofuse.htm?file=dotnetmon.zip

Download User Guide -
http://www.foundstone.com/resources/downloads/Foundstone_DOTNETMon_White

paper.pdf

For the Less Impa

[ more ]  [ reply ]

From the original Ethereal Advisory on
http://ethereal.com/appnotes/enpa-sa-00019.html : `The DISTCC dissector
was susceptible to a buffer overflow. Discovered by Ilja van Sprundel
Versions affected: 0.9.13 to 0.10.10'. Just had a quick look at it, but
the exploit is a classical signed vs. unsigned

[ more ]  [ reply ]

The Web Application Security Consortium (WASC) is proud to present 'The Web Security Mailing List'.

What is The Web Security Mailing List?
The Web Security Mailing List is an open information forum for discussing topics relevant to
web security. Topics include, but are not limited to, industry ne

[ more ]  [ reply ]

While running top on a tool of mine to do a profiling
test the top command ran into a segmentation fault. I
could find two instance where the command could
misbehave

1. if you have junk data inside a
file .toprc in your home directory
2. if your environmental v

[ more ]  [ reply ]

The Horde Framework has several classes for the creation of forms. For
example, to create a form with a domain field you just have to create an
instance of the Horde_Form class and to call the addVariable() method.

$form->addVariable(_("Domain name"), "domain_name", "text", true, false,
null, array

[ more ]  [ reply ]

Anyone knows any tools to analyze security problems with java code?

I have come across some, like

Lint4j
http://www.jutils.com/index.html

CodePro Analytix
http://www.instantiations.com/codepro/download.asp

Jtest
http://www.parasoft.com/jsp/products/home.jsp?product=Jtest&itemId=14

Parasoft's J

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The Black Hat USA 2005 Call for Papers closes May 1st! Do not hesitate to submit your presentation, as time is running out. This is your chance to present in front of the largest Black Hat to date, and share your knowledge with you peers. For more detai

[ more ]  [ reply ]

See attached files.
Cheers,
shadown

--
Sergio Alvarez
Security, Research & Development
IT Security Consultant
email: shadown (at) gmail (dot) com [email concealed]

This message is confidential. It may also contain information that is
privileged or otherwise legally exempt from disclosure. If you have
received it by mistake

[ more ]  [ reply ]

This message was rejected by bugtraq but as I think it contains some
useful explainations I decided to post it here instead.

---------- Forwarded message ----------
---------- Forwarded message ----------
From: Imran Ghory <imranghory (at) gmail (dot) com [email concealed]>
To: bugtraq (at) securityfocus (dot) com [email concealed]
Date: Sat, 16 Apr 2005

[ more ]  [ reply ]

RECON 2005

Montreal, Quebec, Canada
17 - 19 June 2005

We are pleased to announce the final paper selection for the RECON
conference.
RECON is a computer security conference taking place in downtown
Montreal from
the 17th to the 19th of June 2005.

Please take note that we have extended the early

[ more ]  [ reply ]