I have downloaded the available exploit for the latest
buffer overflow in umpnpmgr.dll available on the
net. Running the code umpnp_poc.c, compiled out of the
box and run against a Windows XP SP1 box, does not appear
to do anything. I have attached windbg to the
services process, and when I execute the code for the
buffer overflow the debugger does not catch any
exception. I have tried modifying event filters in
windbg but the program still does not break at any
point.
I do not have much experience in working with RPC
calls. The exploit attempts to connect to
\\hostname\pipe\browser. According to eEye you need
to connect to a different location than \pipe\browser.
You need to connect to \pipe\ntsvcs (or a different
location; you can see the post on their site) and
reaching this area requires authentication. Would it
be possible for someone to modify this example exploit
to show a working Win XP exploit? Could someone
please point me in the direction of a paper that would
explain how the RPC portion of this exploit works? I
understand how to buffer overflow a program, but it
looks like the example exploit isn't working in
Windows XP. I need to figure out why, and I don't
know enough about RPC to be able to figure out why
this example exploit does not work in Windows XP. If
anyone has used windbg to debug a Windows process in
the past to locate a buffer overflow, please let me
know if any of the steps I have followed need to be
changed. Any help greatly appreciated.
Received on Oct 31 2005
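The RPC portion the post asks about, as an added example that is not code from the original post or from the umpnp_poc.c exploit: once an exploit has opened a named pipe over SMB (whether \pipe\browser or \pipe\ntsvcs), what it writes to that pipe is a DCE/RPC bind PDU that selects the target interface by UUID, followed by a request PDU that carries the opnum and the NDR-marshalled argument buffer. The builder and parser below construct and round-trip those two PDUs offline. The interface UUID, opnum and 300-byte stub are placeholders (assumptions), not the real PnP interface or the overflowing argument; the NDR transfer-syntax UUID and the header layout are the standard DCE/RPC constants.

```python
"""DCE/RPC connection-oriented PDUs (bind + request) as written to a named pipe.

Added example, not from the original post or the umpnp_poc.c exploit.
No network I/O: it only builds and parses the byte layout.
"""
import struct
import uuid

PTYPE_REQUEST = 0
PTYPE_BIND = 11
PFC_FIRST_FRAG = 0x01
PFC_LAST_FRAG = 0x02

# Standard NDR transfer syntax offered in every bind (real DCE constant).
NDR_SYNTAX = uuid.UUID("8a885d04-1ceb-11c9-9fe8-08002b104860")
NDR_VERSION = 2

# Placeholder interface UUID (assumption); an exploit puts the target
# interface's real UUID and version here.
EXAMPLE_IFACE = uuid.UUID("00000000-0000-0000-0000-000000000001")


def _header(ptype, body_len, call_id, flags=PFC_FIRST_FRAG | PFC_LAST_FRAG):
    """16-byte common header: rpc_vers=5, minor=0, ptype, flags, data
    representation (little-endian ints, ASCII, IEEE floats), frag_len,
    auth_len (0: no authentication verifier in this PDU), call_id."""
    return struct.pack("<BBBB4sHHI", 5, 0, ptype, flags,
                       b"\x10\x00\x00\x00", 16 + body_len, 0, call_id)


def build_bind(iface, iface_major, iface_minor, call_id=1):
    """Bind PDU with one presentation context offering NDR for `iface`."""
    ctx = struct.pack("<HBB", 0, 1, 0)             # p_cont_id, n_transfer_syn, pad
    ctx += iface.bytes_le + struct.pack("<HH", iface_major, iface_minor)
    ctx += NDR_SYNTAX.bytes_le + struct.pack("<I", NDR_VERSION)
    body = struct.pack("<HHI", 4280, 4280, 0)      # max xmit, max recv, assoc group
    body += struct.pack("<BBH", 1, 0, 0)           # n_context_elem, reserved
    body += ctx
    return _header(PTYPE_BIND, len(body), call_id) + body


def build_request(opnum, stub, call_id=2, ctx_id=0):
    """Request PDU: alloc_hint, presentation context id, opnum, then the NDR
    stub data. In an overflow the oversized argument lives in `stub`."""
    body = struct.pack("<IHH", len(stub), ctx_id, opnum) + stub
    return _header(PTYPE_REQUEST, len(body), call_id) + body


def parse_pdu(pdu):
    """Decode the common header plus the bind or request body.
    Rejects truncated, non-v5, or length-inconsistent PDUs, which is the
    first thing to check when a capture shows the server not responding."""
    if len(pdu) < 16:
        raise ValueError("truncated header")
    vers, _minor, ptype, flags, _drep, frag_len, auth_len, call_id = \
        struct.unpack("<BBBB4sHHI", pdu[:16])
    if vers != 5:
        raise ValueError("not a DCE/RPC v5 PDU")
    if frag_len != len(pdu):
        raise ValueError("frag_len %d but %d bytes present" % (frag_len, len(pdu)))
    out = {"ptype": ptype, "flags": flags, "call_id": call_id}
    body = pdu[16:frag_len - auth_len]
    if ptype == PTYPE_REQUEST:
        _alloc_hint, ctx_id, opnum = struct.unpack("<IHH", body[:8])
        out.update(ctx_id=ctx_id, opnum=opnum, stub=body[8:])
    elif ptype == PTYPE_BIND:
        if body[8] < 1:
            raise ValueError("bind carries no presentation context")
        elem = body[12:]                            # first context element
        ctx_id, n_ts = struct.unpack("<HB", elem[:3])
        out.update(ctx_id=ctx_id, n_transfer=n_ts,
                   iface=uuid.UUID(bytes_le=elem[4:20]),
                   version=struct.unpack("<HH", elem[20:24]))
    return out


if __name__ == "__main__":
    # Placeholder opnum and stub (assumptions), to show the on-pipe bytes.
    print(build_bind(EXAMPLE_IFACE, 1, 0).hex())
    print(build_request(5, b"A" * 300).hex())
```

On a live target the bytes returned after the bind are the diagnostic the post is missing: a bind_ack (ptype 12) whose context result is 0 means the interface is reachable on that pipe, while a bind_nak (ptype 13) or a non-zero context result means the pipe never routes the request to the vulnerable code, so no exception will ever reach the debugger attached to services.exe.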