Re: sample buffer overflow exploit problem

From: Ganbold (ganbold_at_micom.mng.net)
Date: 10/01/03

  • Next message: joe: "Fake frame overwriting"
    Date: Wed, 01 Oct 2003 09:07:23 +0900
    To: Vade 79 <v9@fakehalo.deadpig.org>
    
    

    Hi,

    Thanks for reply. Host is not firewalled. I tested shellcode using function
    pointer. It works.

    I'm debugging sample server daemon using gdb. When put wrong return address
    and place shellcode little bit before
    1001 - sizeof(shellcode) in exploit I can see my shellcode and return
    address fully when I issue command x/200bx $esp-200.

    But when I put correct return address I see part of my shellcode at the end
    of x/200bx $esp-200 command.
    I tried it so many ways, placing shellcodes in different place, choosing
    different return addresses etc. No result.

    What should I do?

    Ganbold

    At 01:25 AM 9/30/2003 +0000, you wrote:
    >In-Reply-To: <Law9-F106Dc41W2ufyW00009d1f@hotmail.com>
    >
    > >You say that you can connect after the exploit, but then the connection
    > gets
    >
    > >dropped immediately afterwards... is there a firewall in place?
    >
    > >
    >
    >
    >
    >also could possibly be hitting partly into the shellcode(after nops, and
    >in the middle of the shellcode), not fully processing the code correctly.


  • Next message: joe: "Fake frame overwriting"

    Relevant Pages

    • [Full-Disclosure] CSA-200402-1: Previous Open Webmail vulnerability is exploitable
      ... Vulnerability: Remote arbitrary command exection ... "Open WebMail is a webmail system based on the Neomail version 1.14 ... -p The port to have the reverse shellcode connect back to. ...
      (Full-Disclosure)
    • Re: DEFCON 16 and Hacking OpenVMS
      ... this was for utilities that had command recall, not for DCL. ... If you had started with "utilities that used command recall", ... Now we know what your use of "shellcode" means. ... confusion to your explanations. ...
      (comp.os.vms)
    • Re: DEFCON 16 and Hacking OpenVMS
      ... I've mucked around quite a bit in DCL and I don't see how you get some ... command or command procedure stored in a logical to be ex- ... I think that Brian may be thinking that shellcode is a series of DCL ...
      (comp.os.vms)
    • Re: buffer overflow to spawn shell
      ... What he's telling you is you need to rename the program ... > nop sled and shellcode in it. ... > of course this command implies you have a plain file in the directory ... > if you cant create a file in the directory change the command to be ...
      (comp.os.linux.security)
    • Doubts in shellcode !?
      ... I'm reading a tutorial about shellcode, ... That will execute the /bin/sh. ... And we must, compile it, and open gdb and get the hex value with ... x/xb main+3 ...
      (comp.security.unix)