Full Version: Learn Stack Overflow Exploitation - Part 2
aelphaeis_mangarae
http://aelph.llamaslap.com/Learn.Stack.Ove...tion.Part.2.avi

I am uploading a .rar of the High Resolution version now.

So I will post the link when it is uploaded.
aelphaeis_mangarae
bump

Here is the High Resolution version of the tutorial:

http://aelph.llamaslap.com/Learn.Stack.Ove...rt.2.Hi.Res.rar
yorgi
Again, nice one aelphaeis!

BUT I am still a noob and I have some questions for you guys, experts :)
1. Which DLLs can you examine to find the JMP ESP memory address? You used KERNEL32.dll, but I have read other tuts which used ntdll.dll. Which ones are available?
2. Do you ever need to jump to something other than ESP? In which case?
3. Are the addresses of the JMP ESP instructions in these DLLs always the same? If not, why not?
4. Can you post a link to Findjmp2, the program you used to find the JMP ESP address in kernel32.dll?
5. Is this the best method to exploit a program that has a buffer which is too small to put shellcode in? Are there other/better methods?
6. Do you use nop sleds to be able to find one jmp address for every Windows version? Otherwise you could just point immediately to the address of your shellcode, I believe...
7. Is it possible to put something behind your shellcode, let's say a JMP to another address or something, so that the program won't crash (no segmentation fault, it just won't do what it is supposed to do)? I think there isn't (only one RET address), but maybe you guys know more :)

Thanks in advance for your answers,

Yorgi


EDIT: I found a link for findjmp2:

findjmp2.zip
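Question 3 above asks whether the JMP ESP address in a system DLL is always the same; it is only stable for a given build when the module is mapped at its preferred image base. As an added example (not part of the thread and not findjmp2), this Python script parses the PE optional header and reports whether a module opts into base relocation (DYNAMIC_BASE, i.e. ASLR) and DEP (NX_COMPAT); the sample headers it checks are constructed inline, not real DLLs.

```python
import struct

# IMAGE_DLLCHARACTERISTICS flags from the PE/COFF specification
DYNAMIC_BASE = 0x0040   # image may be relocated at load time (ASLR)
NX_COMPAT    = 0x0100   # image is compatible with DEP (non-executable stack/heap)


def pe_characteristics(image: bytes) -> dict:
    """Parse a PE image's optional header and report its ASLR/DEP opt-in flags."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = e_lfanew + 4 + 20            # skip "PE\0\0" and the 20-byte COFF header
    magic = struct.unpack_from("<H", image, opt)[0]
    # DllCharacteristics is at optional-header offset 70 for both PE32 and PE32+
    dll_chars = struct.unpack_from("<H", image, opt + 70)[0]
    return {
        "pe32plus": magic == 0x20B,
        "aslr": bool(dll_chars & DYNAMIC_BASE),
        "dep": bool(dll_chars & NX_COMPAT),
    }


def has_fixed_load_address(image: bytes) -> bool:
    """Without DYNAMIC_BASE the loader maps the module at its preferred base, so
    every instruction (a JMP ESP included) keeps the same address on every run."""
    return not pe_characteristics(image)["aslr"]


def build_sample_pe(dll_chars: int) -> bytes:
    """Constructed minimal PE32 header (not a real DLL) carrying the given flags."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                         # e_lfanew
    # COFF header: i386, 1 section, 224-byte optional header, EXECUTABLE|32BIT|DLL
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x2102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                         # PE32 magic
    struct.pack_into("<H", opt, 70, dll_chars)                    # DllCharacteristics
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    samples = {"legacy_module.dll": 0, "hardened_module.dll": DYNAMIC_BASE | NX_COMPAT}
    for name, flags in samples.items():
        img = build_sample_pe(flags)
        print(name, pe_characteristics(img), "fixed address:", has_fixed_load_address(img))
```

On a real system, passing the bytes of a module read from disk to `pe_characteristics` shows which loaded DLLs still expose fixed addresses and so deserve priority when hardening a build.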
Invision Power Board © 2001-2008 Invision Power Services, Inc.