ScriptGod
QUOTE (Killaloop @ Apr 29 2004, 12:11 AM)
QUOTE (ScriptGod @ Apr 28 2004, 11:38 PM)

if you read this as an ANSI string (under xp) the 0 character is found at the 2nd position, so there is only a string with one byte -> no buffer overflow, no exploiting, no crash

I know the difference
all I can tell is that I got crashed because of this exploit and look at board postings you will see that I'm not the only one

did you try this with the exploits on k-otik? well it's very easy to let it have an effect on xp, just remove some lines.
but to let xp execute your code, you need to change the position of eip in the buffer, too. because this differs in ANSI and UNICODE... that's all i can tell you.

@all
if you know how to use a debugger and vmware, you should be able to write one.
just take the debugger and look what's happening
101
damn stop to flame scriptgod .... lsass discussion should be closed now ...
DaClueless
QUOTE (101 @ Apr 29 2004, 12:39 PM)
damn stop to flame scriptgod .... lsass discussion should be closed now ...

I agree.

scriptgod tries to be helpful, and look what happens.
hifil0wlife
if anyone got a working universal xp version of this exploit let me know. I'll pay your rent for a few months if it works, how is that for a deal? pm me.
if you just want to try to impress people by calling others "kiddies" or promote yourself as a law-abiding citizen or whatever please keep it to yourself. put up or shut up. thx.
MxMx
QUOTE (hifil0wlife @ Apr 29 2004, 03:27 PM)
if anyone got a working universal xp version of this exploit let me know. I'll pay your rent for a few months if it works, how is that for a deal? pm me.
if you just want to try to impress people by calling others "kiddies" or promote yourself as a law-abiding citizen or whatever please keep it to yourself. put up or shut up. thx.

OMG .. U really think people are crazy
DaClueless
QUOTE (hifil0wlife @ Apr 29 2004, 03:27 PM)
if anyone got a working universal xp version of this exploit let me know. I'll pay your rent for a few months if it works, how is that for a deal? pm me.
if you just want to try to impress people by calling others "kiddies" or promote yourself as a law-abiding citizen or whatever please keep it to yourself. put up or shut up. thx.

If you don't want to spend the time debugging and figuring out why the exploit is working, you can always spend money.

Core Impact - $1500 USD
http://www.coresecurity.com/products/coreimpact/index.php

CANVAS - $995 USD
http://www.immunitysec.com/products-canvas.shtml

shii
+- TO BE CLOSED -+