Re: Exploiting Buffer Overflows on Compaq Tru64 and No-Exec Stack

From: dev-null@no-id.com
Date: Thu May 16 2002 - 12:14:35 PDT

    Remember that by controlling the instruction pointer, you can jump to anywhere in the program's code.  So take a look around.  Maybe there already exists legitimate code in the text segment to spawn a shell.  Or maybe you can jump past some authentication logic right into a convenient place you want to be.
    
    All this is highly dependent on the program you're exploiting, but it will work regardless of an exec/no exec stack.
    
    --
    This message has been sent via an anonymous mail relay at www.no-id.com.
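
The point made in the message above, as an added example that is not part of the original post: a code pointer stored next to a buffer gets redirected to a function that already exists in the program's text segment, so no byte of the input is ever executed and a non-executable stack has nothing to block; the length check is what stops it. The names `session`, `grant`, `deny` and the input layout are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

typedef int (*handler_t)(void);

/* Legitimate functions that already live in the text segment. */
static int deny(void)  { return 0; }  /* default: caller is not authenticated */
static int grant(void) { return 1; }  /* meant to run only after a password check */

struct session {
    char      name[16];
    handler_t on_request;             /* code pointer stored right after the buffer */
};

/* Vulnerable: trusts the caller's length, so bytes past name[] reach on_request. */
static void set_name_unchecked(struct session *s, const unsigned char *in, size_t len) {
    memcpy((unsigned char *)s, in, len);
}

/* Hardened: input that does not fit the field is rejected, pointer stays intact. */
static int set_name_checked(struct session *s, const unsigned char *in, size_t len) {
    if (len >= sizeof s->name) return -1;
    memcpy(s->name, in, len);
    s->name[len] = '\0';
    return 0;
}

/* Constructed oversized input: filler up to the pointer, then the address of grant(). */
static size_t build_input(unsigned char *out) {
    handler_t target = grant;
    size_t off = offsetof(struct session, on_request);
    memset(out, 'A', off);
    memcpy(out + off, &target, sizeof target);
    return off + sizeof target;
}

/* Returns what the session's handler reports after the name has been set. */
int run(int hardened) {
    struct session s = { "", deny };
    unsigned char in[sizeof(struct session)];
    size_t len = build_input(in);
    if (hardened) set_name_checked(&s, in, len);
    else          set_name_unchecked(&s, in, len);
    return s.on_request();
}

int main(void) {
    printf("unchecked copy -> %d, checked copy -> %d\n", run(0), run(1));
    return 0;
}
```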
    


