Sunday, January 30, 2011

ROP retn+offset and impact on stack setup.

Ok, so in short: I was playing with ROP-chained exploits; in particular, I was writing an exploit for WM Downloader.

I finally finished it and then asked corelanc0d3r from the Corelan team to test it. The exploit was good, but some of the ROP gadgets differed on his system, so we tried to replace them, and this came up: http://www.exploit-db.com/exploits/16072/

Everything seemed OK... but something was weird. As you can see, we have a ROP gadget containing:
# INC ESI # PUSH EAX # POP ESI # POP EBP # RETN 4

I had some issues with padding for RETN 4, so I asked corelanc0d3r for a general padding rule, and then we realized that no one actually has one (or not one that we know about). So we started documenting it, and finally this came up: Corelan Site
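As an added illustration (not code from the post or from Corelan), the following Python models the stack layout that a gadget ending in RETN n forces: the RETN pops the next return address and then adds n to ESP, so n bytes of junk must sit directly after the next gadget's address, or that gadget's own POPs pull the wrong dwords. Gadget addresses and values are constructed; the gadget from the post is modelled as consuming one dword from the chain (the POP EBP; the POP ESI only takes back what PUSH EAX pushed).

```python
import struct
from dataclasses import dataclass, field

JUNK = 0x41414141  # constructed filler; these bytes are skipped, never used


@dataclass
class Gadget:
    addr: int                    # constructed address, not a real module offset
    pops: int = 0                # POPs that consume dwords from the chain
    retn: int = 0                # RETN immediate (0 for a plain RETN)
    values: list = field(default_factory=list)  # what those POPs should load


def build_chain(gadgets, pad_retn=True):
    """Dword layout: addr_i, junk for the PREVIOUS gadget's RETN n, pop values_i.

    With pad_retn=False the junk is omitted, reproducing the misalignment bug.
    """
    words, prev_retn = [], 0
    for g in gadgets:
        assert len(g.values) == g.pops and g.retn % 4 == 0
        words.append(g.addr)
        if pad_retn:
            words.extend([JUNK] * (prev_retn // 4))
        words.extend(g.values)
        prev_retn = g.retn
    return words


def simulate(words, gadgets):
    """Walk ESP over the chain; return [(gadget addr, dwords it popped), ...].

    Stops when a RET lands on something that is not a gadget. Assumes the
    chain is entered via a plain RET (the overwritten return address).
    """
    by_addr = {g.addr: g for g in gadgets}
    esp, skip, trace = 0, 0, []
    while esp < len(words) and words[esp] in by_addr:
        g = by_addr[words[esp]]
        esp += 1 + skip                    # RET pops the address; RETN n then skips n bytes
        popped = words[esp:esp + g.pops]   # the gadget's own POPs consume these
        esp += g.pops
        trace.append((g.addr, popped))
        skip = g.retn // 4                 # this gadget's RETN n shifts the next one
    return trace


def pack_chain(words):
    """Little-endian dwords, as laid out in the overflowed buffer."""
    return b"".join(struct.pack("<I", w) for w in words)
```

Building the same gadget list with pad_retn=False and comparing the two traces shows the second gadget's POP swallowing the third gadget's address instead of its intended value, and the third gadget never executing.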

1 comment:

  1. OK, this assembly programming language kind of annoys me. Couldn't you give me some references where I could learn as much as possible about these things? I've figured out shellcode, I managed something basic, but with the buffer I haven't succeeded yet, especially since now I'm trying on 64-bit and clearly the processor registers are changed, as are the stacks :) ...if you could explain it to me a bit more in terms I can understand :) ,,,thanks
