Full Disclosure mailing list archives

Shattering By Example
From: "Brett Moore" <brett.moore () security-assessment com>
Date: Fri, 10 Oct 2003 15:15:59 +1300

A new white paper on shatter attacks has been released and is available
from our website;

www.security-assessment.com/Papers/Shattering_By_Example-V1_03102003.pdf 

This white paper includes information from both shatterseh2.txt and
shatterseh3.txt.

It also includes a shatter attack exploit against statusbars that uses
the following messages;
* WM_SETTEXT
* SB_SETTEXT
* SB_GETTEXTLENGTH
* SB_SETPARTS
* SB_GETPARTS

and demonstrates the following techniques.
* brute forcing a useable heap address
* placing structure information inside a process
* injecting shellcode to known location
* overwriting 4 bytes of a critical memory address

Any feedback or followup to this is most welcome,

Regards

Brett Moore
Network Intrusion Specialist
www.security-assessment.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

