exploit laboratory | Corelan Cybersecurity ResearchCorelan Cybersecurity Research

Exploit writing tutorial part 3 : SEH Based Exploits

Published July 25, 2009 |

In the first 2 parts of the exploit writing tutorial series, I have discussed how a classic stack buffer overflow works and how you can build a reliable exploit by using various techniques to jump to the shellcode. The example we have used allowed us to directly overwrite EIP and we had a pretty large […]

Posted in 001_Security, Exploit Writing Tutorials, Exploits | Tagged !exploitable, buffer, buffer overflow, cygwin, dep, dll modload, exception, exception handler, exploit, exploit laboratory, fs:[0], handler, memdump, msec.dll, msfpescan, next seh, ollydbg, pop pop ret, safeseh, seh, shellcode, stack, stack overflow, teb, tib, windbg

Exploit writing tutorial part 1 : Stack Based Overflows

Published July 19, 2009 |

By Peter Van Eeckhoutte (corelanc0d3r)

Last friday (july 17th 2009), somebody (nick)named ‘Crazy_Hacker’ has reported a vulnerability in Easy RM to MP3 Conversion Utility (on XP SP2 En), via packetstormsecurity.org. (see http://packetstormsecurity.org/0907-exploits/). The vulnerability report included a proof of concept exploit (which, by the way, failed to work on my MS Virtual PC based XP SP3 En). Another exploit was […]

Posted in 001_Security, Exploit Writing Tutorials, Exploits | Tagged 41414141, buffer, buffer overflow, buffersize, bytes, discover, ebp, eip, esp, exploit, exploit laboratory, exploit writing tutorial, hack, learn, metasploit, nop, nop sled, nop slide, overflow, pattern_create, pattern_offset, pop, push, register, saumil shah, shellcode, sk chong, stack, stack overflow, write

Corelan Cybersecurity Research

:: Knowledge is not an object, it's a flow ::

Exploit writing tutorial part 3 : SEH Based Exploits

Exploit writing tutorial part 1 : Stack Based Overflows

Corelan Training

Donate

Corelan Team Merchandise

Corelan on Slack

Actions

Categories

Hi there!

We have good news for you!