Vulnerability Development
mailing list archives
Re: remote exploit
From: 11a () GMX NET (Bluefish)
Date: Sun, 9 Jul 2000 19:37:22 +0200
Ah, *now* I get it ;) Sorry, no morning coffee ...
I thought he was within the shellcode and wanted to jump somewhere from
it. I suppose he could set the return address to another buffer if he can put
information somewhere with an address which doesn't contain a null (global
variable mayhap?)... Unless "all" addresses begin with 0x00, it ought to
be possible to exploit. But it could take a lot of work to locate where to
put it (nothing I have practical experience of, unfortunately)
Wouldn't work, since to be able to mov ax,A you have to be able to execute code.
His problem is getting the right values on the stack to actually be able to
execute anything.
I can't see any solution, except maybe returning into libc or whatever.
--Ralph
..:::::::::::::::::::::::::::::::::::::::::::::::::..
http://www.11a.nu || http://bluefish.11a.nu
eleventh alliance development & security team