lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: 23 May 2007 10:23:32 -0000
From: c0ntexb@...il.com
To: bugtraq@...urityfocus.com
Subject: Re: Magic iso heap over flow <Help>

"Im looking for help in writing a simple poc  for service pack 2 xp as i know we cant use!peb method with sp2 im looking for a better way any hellp would be great."

What is the instruction that it crashes on? this is the important part, not always so much 'what' you write but 'how' you overwrite.

If it is something like:

MOV DWORD PTR DS:[ECX],EAX
MOV DWORD PTR DS:[EAX+4],ECX

then you have a bunch of stuff to play with and exploitation should be a piece of cake, overwrite some pointer for example. Otherwise it might well be a little trickier but from what you post it looks pretty good.

Anyway, paste where it crashes in the assembler.

regards,
c0ntex

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ