Windows Exploit Development – Part 4: Locating Shellcode With Jumps
Overview
In Parts 2 and 3, we built and improved upon an exploit for ASX To MP3 Converter. Even though it had its flaws, as far as exploits go, it was pretty straightforward — a direct EIP overwrite with a jump directly to a register that pointed to our shellcode. Things aren’t always that easy. Quite often you have to do a bit more work to get the application to execute…
Windows Exploit Development – Part 3: Changing Offsets and Rebased Modules
Overview
In Part 2 we constructed a basic stack-based overflow exploit for ASX To MP3 Converter. As I indicated in that post, the exploit itself is far from perfect. Successful EIP overwrite is influenced by the file path of the m3u file. In addition, although application modules are preferred when selecting jump/call addresses, the application DLL we used was rebased, meaning the address of our CALL EBX instruction is…