Google
Current tag: coolplayer

Windows Exploit Development – Part 5: Locating Shellcode With Egghunting

Written by:
Written on:January 5, 2014
Comments
are closed
win_exploit_5_7

Overview In Part 4 we looked at how to find and execute your shellcode using various jump methods. In Part 5 we’re going to look at another method to find your shellcode called Egghunting. This method is especially useful when you’re faced with a small, reachable buffer (in which you can execute code) but the placement of your larger shellcode in memory is unpredictable. This post will get into quite…

Read more...
In category: Exploits
Tags: , , , , , , , ,

Windows Exploit Development – Part 4: Locating Shellcode With Jumps

Written by:
Written on:December 29, 2013
Comments
are closed
win_exploit_3_45

Overview In Parts 2 and 3, we built and improved upon an exploit for ASX To MP3 converter. Even though it had it’s flaws, as far as exploits go, it was pretty straightforward — direct EIP overwrite with a jump directly to a register that pointed to our shellcode. Things aren’t always that easy. Quite often you have to do a bit more work to get the application to execute…

Read more...
In category: Exploits
Tags: , , , , , , , , , , , , , , ,