Vulnerability Development: Re: AlphaNumeric Exploitation Help

From: KF (lists) <kf_lists_at_digitalmunition.com>
Date: Thu, 26 May 2005 13:31:29 -0400

ramatkal_at_hotmail.com wrote:

>I am trying to exploit a vulnerable server which only allows
>alphanumeric characters....
>
>I have successfully taken control of EIP and now need to do a JUMP -600
>bytes.....
>
>The problem is, that 'eb' and 'e9' are not alphanumeric ASCII codes and
>thus cannot be used to do the jumps in the payload....
>
>Anyone got any ideas/tricks/advice on how I can accomplish a JMP -600 bytes, or any type of jump for that matter, only using alphanumeric chars?
>
>Thanks,
>RaMatkal
>
Let me know if you figure it out... I need to do the same thing to
finish up a Widcomm exploit I am working on.

I was trying to use Skylined's alpha 2 to encode a 3 byte near jump. I
ran into some problems with the decoder. I happen to be limited to 185
bytes in my particular case... you may have other limitations.
-KF
Received on May 26 2005
