In-Reply-To: <5495.1102965153_at_www20.gmx.net>
>Hi everyone,
>
>I have a question regarding the exploitation of network services.
>If I send the following string to a service
>
>["A"x78]["abcd"][junk - up to 430 bytes]
>
>I can control eip with "abcd". How can I exploit this? Is there a good
>tutorial that I should read? Unfortunately I did not find anything useful
>with google...
Well, I take it your problem is the limitation of 78 bytes to place the shellcode. If so, often you can place the shellcode (with NOPs) after the point of the overflow, i.e. from the 82nd byte onward in your case. However, it is also possible, depending on your situation, for that memory to get mangled along the way; if that is the case, try placing your shellcode somewhere else in memory (before you cause the overflow)... If all else fails, 78 bytes of shellcode room is a moderately decent amount of instructions to work with, though it doesn't leave much guessing room. :/
If I misunderstood the situation, please reply with more direct information.
Received on Dec 13 2004
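The layout the two posters are describing (78 bytes of buffer, then the 4-byte saved return address, then up to 430 more bytes) can be modelled explicitly so that the "why does abcd land in eip" question and the fix become visible without smashing a real stack. The following C program is an added example written for this page, not code from either poster or from the service under discussion. It assumes a hypothetical 32-bit little-endian handler whose frame is laid out exactly as the first post implies; the `struct frame`, the `0xdeadbeef` sentinel and the `'X'` filler standing in for "junk" are all constructed for the illustration. It contrasts an unchecked copy, which lets the 4 bytes after the buffer replace the saved-return slot, with a bounded handler that rejects any request longer than the buffer.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of the handler's stack frame from the thread:
 * 78 bytes of request buffer, the 4-byte saved EIP slot, then whatever
 * sits above it (the post mentions up to 430 more bytes). All members are
 * byte arrays so the struct has no padding and is exactly 512 bytes. */
#define BUF_LEN   78
#define RET_LEN   4
#define TAIL_LEN  430
#define FRAME_LEN (BUF_LEN + RET_LEN + TAIL_LEN) /* 512 */

struct frame {
    unsigned char buf[BUF_LEN];       /* the fixed-size request buffer */
    unsigned char saved_ret[RET_LEN]; /* stands in for the saved EIP */
    unsigned char tail[TAIL_LEN];     /* memory beyond the return slot */
};

/* Constructed sentinel (0xdeadbeef little-endian) marking an intact return slot. */
static const unsigned char SENTINEL[RET_LEN] = {0xef, 0xbe, 0xad, 0xde};

/* Build the probe string from the post: "A"x78, "abcd", then 430 filler bytes.
 * Returns the number of bytes written, or 0 if the output buffer is too small. */
size_t build_probe(unsigned char *out, size_t cap) {
    if (cap < FRAME_LEN) return 0;
    memset(out, 'A', BUF_LEN);
    memcpy(out + BUF_LEN, "abcd", RET_LEN);
    memset(out + BUF_LEN + RET_LEN, 'X', TAIL_LEN); /* constructed "junk" */
    return FRAME_LEN;
}

/* Reset the model frame: zeroed buffer, sentinel in the return slot. */
void init_frame(struct frame *f) {
    memset(f, 0, sizeof *f);
    memcpy(f->saved_ret, SENTINEL, RET_LEN);
}

/* Unchecked handler: copies the whole request into the frame starting at
 * buf[0]. The copy is bounded by the struct size here only so the model
 * stays well-defined; the point is that bytes 78..81 land in saved_ret. */
void handle_unchecked(struct frame *f, const unsigned char *req, size_t len) {
    if (len > sizeof *f) len = sizeof *f;
    memcpy((unsigned char *)f, req, len);
}

/* Bounded handler: refuses anything that does not fit in the buffer.
 * Returns 0 on success, -1 if the request was rejected. */
int handle_bounded(struct frame *f, const unsigned char *req, size_t len) {
    if (len > BUF_LEN) return -1;
    memcpy(f->buf, req, len);
    return 0;
}

/* Read the return slot as a little-endian 32-bit value (x86 byte order). */
uint32_t saved_ret_value(const struct frame *f) {
    return (uint32_t)f->saved_ret[0]
         | ((uint32_t)f->saved_ret[1] << 8)
         | ((uint32_t)f->saved_ret[2] << 16)
         | ((uint32_t)f->saved_ret[3] << 24);
}

/* 1 if the unchecked handler let "abcd" replace the return slot. */
int probe_unchecked_overwrites_ret(void) {
    struct frame f;
    unsigned char req[FRAME_LEN];
    size_t n = build_probe(req, sizeof req);
    init_frame(&f);
    handle_unchecked(&f, req, n);
    return saved_ret_value(&f) == 0x64636261u; /* "abcd" little-endian */
}

/* 1 if the bounded handler rejected the probe and left the sentinel intact. */
int probe_bounded_keeps_ret(void) {
    struct frame f;
    unsigned char req[FRAME_LEN];
    size_t n = build_probe(req, sizeof req);
    init_frame(&f);
    int rc = handle_bounded(&f, req, n);
    return rc == -1 && saved_ret_value(&f) == 0xdeadbeefu;
}

int main(void) {
    printf("frame size: %zu bytes\n", sizeof(struct frame));
    printf("unchecked handler: return slot overwritten = %d\n",
           probe_unchecked_overwrites_ret());
    printf("bounded handler:   return slot intact      = %d\n",
           probe_bounded_keeps_ret());
    return 0;
}
```

The model makes the offset arithmetic from the post concrete: the 4 bytes immediately after the 78-byte buffer are the ones that decide where execution resumes, which is exactly what "I can control eip with abcd" means. The bounded handler shows the only change the service needs, a length check against the real buffer size before any copy; compiling with stack protection and non-executable stack would add defence in depth but does not remove the need for that check.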