Re: ms03-049 exploit xp sp0
From: upb (upb_at_email.ee)
Date: 11/13/03
- Previous message: upb: "Re: ms03-049 exploit xp sp0"
- Maybe in reply to: wirepair: "ms03-049 exploit xp sp0"
- Next in thread: dave_at_immunitysec.com: "Re: ms03-049 exploit xp sp0"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: <vuln-dev@securityfocus.com>
Date: Thu, 13 Nov 2003 03:25:25 +0200
Umm, this is what u get when ur tired :P
----- Original Message -----
From: "upb" <upb@email.ee>
> 00000000: EB14 jmps 000000016
> 00000002: 832C2440 sub d,[esp],040 ;"@"
> 00000006: E8F5FFFFFF call 000000000
That code was supposed to be:
00000000: EB05 jmps 000000007
00000002: 832C2440 sub d,[esp],040 ;"@"
00000006: C3 retn
00000007: E8F6FFFFFF call 000000002
And of course the shortest way to jump back is by using the "jmp" instruction :)
00000004: E9F7FFFFFF jmp 000000000
or
00000004: EBFA jmps 000000000
upb
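
Added example, not part of upb's message: a Python check of the relative-branch arithmetic in the listings above, recomputing each jmp/call destination from its encoded displacement and working out where the `retn` goes after `sub d,[esp],040` edits the pushed return address. The function names (`branch_target`, `check_listing`, `ret_offset`) are hypothetical; the listing text is copied from the message.

```python
import re

# Relative branch opcodes used in the listings -> displacement size in bytes.
REL_BRANCHES = {0xEB: 1, 0xE9: 4, 0xE8: 4}  # jmp short, jmp near, call near
LINE_RE = re.compile(r"^([0-9A-Fa-f]{8}):\s+([0-9A-Fa-f]+)\s+(\S+)\s*(.*)$")

# Listings copied from the message (offsets are relative to the stub start).
CORRECTED = """\
00000000: EB05 jmps 000000007
00000002: 832C2440 sub d,[esp],040 ;"@"
00000006: C3 retn
00000007: E8F6FFFFFF call 000000002
"""
JMP_VARIANTS = """\
00000004: E9F7FFFFFF jmp 000000000
00000004: EBFA jmps 000000000
"""

def branch_target(addr, raw):
    """Destination of a relative jmp/call, or None for any other opcode."""
    size = REL_BRANCHES.get(raw[0])
    if size is None:
        return None
    if len(raw) != 1 + size:
        raise ValueError(f"bad length for opcode {raw[0]:#04x} at {addr:#x}")
    disp = int.from_bytes(raw[1:], "little", signed=True)
    # The displacement is counted from the end of the instruction.
    return (addr + len(raw) + disp) & 0xFFFFFFFF

def check_listing(text):
    """Return [(addr, stated, computed)] for every branch line in a listing."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        addr, raw = int(m.group(1), 16), bytes.fromhex(m.group(2))
        computed = branch_target(addr, raw)
        if computed is not None:
            rows.append((addr, int(m.group(4).split()[0], 16), computed))
    return rows

def ret_offset(call_addr, adjust, call_len=5):
    """Offset retn goes to once `sub [esp], adjust` has edited the return address."""
    return call_addr + call_len - adjust

if __name__ == "__main__":
    for addr, stated, computed in check_listing(CORRECTED + JMP_VARIANTS):
        print(f"{addr:08x}: stated {stated:#x}, computed {computed:#x}")
    print(f"retn lands at offset {ret_offset(0x7, 0x40):#x}")
```

The call at offset 7 pushes 0xC as its return address, so after the 0x40 subtraction the `retn` lands 0x34 bytes before the start of the stub.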