Windows Exploit Development – Part 5: Locating Shellcode With Egghunting
Overview: In Part 4 we looked at how to find and execute your shellcode using various jump methods. In Part 5 we’re going to look at another method to find your shellcode called Egghunting. This method is especially useful when you’re faced with a small, reachable buffer (in which you can execute code) but the placement of your larger shellcode in memory is unpredictable. This post will get into quite…
Tags: coolplayer, egg sandwich, egghunter, egghunting, exploit, exploit development, omelette, shellcode, windows
Windows Exploit Development – Part 3: Changing Offsets and Rebased Modules
Overview: In Part 2 we constructed a basic stack-based overflow exploit for ASX To MP3 Converter. As I indicated in that post, the exploit itself is far from perfect. Successful EIP overwrite is influenced by the file path of the m3u file. In addition, although application modules are preferred when selecting jump/call addresses, the application DLL we used was rebased, meaning the address to our CALL EBX instruction is…