Remember that by controlling the instruction pointer, you can jump to anywhere in the program's code. So take a look around. Maybe there already exists legitimate code in the text segment to spawn a shell. Or maybe you can jump past some authentication logic right into a convenient place you want to be. All this is highly dependent on the program you're exploiting, but it will work regardless of an exec/no exec stack.

--
This message has been sent via an anonymous mail relay at www.no-id.com.
This archive was generated by hypermail 2b30 : Thu May 16 2002 - 13:14:08 PDT