Vulnerability Development: Re: Exploiting network services question

Re: Exploiting network services question

From: <just-a-nick_at_gmx.net>
Date: Tue, 21 Dec 2004 20:21:19 +0100 (MET)

James Longstreet wrote:
> On Mon, 13 Dec 2004 just-a-nick_at_gmx.net wrote:
>
>>I have a question regarding the exploitation of network services.
>>If I send the following string to a service
>>
>>["A"x78]["abcd"][junk - up to 430 bytes]

> I'm not sure I understand your question. Does the value you put in for
> eip have to be alphabetic, or is the "abcd" simply notation for "anything
> I want?"

It is (nearly) anything I want; it has to be printable...

> Both are exploitable -- at least theoretically. If the return address
> can be anything you want, and if that 430 bytes of junk is also
> controlled by you, put a payload there. Find out the address of
> that payload (hint: use gdb), and replace "abcd" with that address.

But the service is remote, so I can't use gdb... Is there an elegant way to
exploit this kind of vulnerability, or do I have to brute-force it?

Received on Dec 23 2004
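The defender-side counterpart of the message shape discussed above (78 filler bytes, 4 bytes landing on the saved return address, up to 430 bytes of padding): a bounded request handler that rejects such input before any copy into a fixed stack buffer. This is an added example, not code from the thread or from any real service; FIELD_MAX, handle_request_safe and make_oversized_request are assumed names.

```c
#include <stddef.h>
#include <string.h>
#include <ctype.h>

#define FIELD_MAX 64   /* assumed maximum legal length of the request field */

/* Result of validating one request: 0 = accepted, negative = rejected. */
enum { REQ_OK = 0, REQ_TOO_LONG = -1, REQ_NOT_PRINTABLE = -2 };

/* Hardened handler: the field length is measured against the number of bytes
 * actually received (never trusting a terminator inside untrusted data), the
 * request is rejected before any copy if it exceeds FIELD_MAX, and only
 * printable bytes are accepted, which is what this protocol expects anyway.
 * A rejected request is the event worth logging on the defending side. */
int handle_request_safe(const char *req, size_t req_len, char out[FIELD_MAX + 1])
{
    const char *nul = memchr(req, '\0', req_len);        /* bounded scan */
    size_t len = nul ? (size_t)(nul - req) : req_len;
    if (len > FIELD_MAX)
        return REQ_TOO_LONG;          /* would have overrun a 64-byte buffer */
    for (size_t i = 0; i < len; i++)
        if (!isprint((unsigned char)req[i]))
            return REQ_NOT_PRINTABLE;
    memcpy(out, req, len);            /* copy only after the bound is proven */
    out[len] = '\0';
    return REQ_OK;
}

/* Constructed test input in the shape the thread describes, all printable:
 * 78 'A's, the 4 bytes "abcd", then n filler bytes of 'B'. buf must hold
 * 82 + n bytes. Returns the total length written. */
size_t make_oversized_request(char *buf, size_t n)
{
    memset(buf, 'A', 78);
    memcpy(buf + 78, "abcd", 4);
    memset(buf + 82, 'B', n);
    return 82 + n;
}
```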