pop pop ret
Exploit writing tutorial part 3 : SEH Based Exploits
In the first 2 parts of the exploit writing tutorial series, I have discussed how a classic stack buffer overflow works and how you can build a reliable exploit by using various techniques to jump to the shellcode. The example we have used allowed us to directly overwrite EIP and we had a pretty large […]
Posted in 001_Security, Exploit Writing Tutorials, Exploits | Tagged !exploitable, buffer, buffer overflow, cygwin, dep, dll modload, exception, exception handler, exploit, exploit laboratory, fs:[0], handler, memdump, msec.dll, msfpescan, next seh, ollydbg, pop pop ret, safeseh, seh, shellcode, stack, stack overflow, teb, tib, windbg
Exploit writing tutorial part 2 : Stack Based Overflows – jumping to shellcode
Where do you want to jmp today? In one of my previous posts (part 1 of writing stack based buffer overflow exploits), I have explained the basics about discovering a vulnerability and using that information to build a working exploit. In the example I have used in that post, we have seen that ESP […]
Posted in 001_Security, Exploit Writing Tutorials, Exploits | Tagged 41414141, add esp, blind return, buffer, buffer overflow, bytes, dll, eip, findjmp, jmp, jmp esp, jumpcode, metasploit, nop, opcode, pop, pop pop ret, push ret, pwned, reg + offset, ret, shellcode, stack
Corelan Training
We have been teaching our win32 exploit dev classes at various security cons and private companies & organizations since 2011.
Check out our schedules page here and sign up for one of our classes now!