Getting address of shellcode into ESP?
There is a remote vulnerability in a multiplayer game. I am new to this but have been able to overflow the buffer and change the return address to one that points to `call esp` inside kernel32.dll. I've read several articles but I'm still not sure how I would overwrite the ESP register or somehow get the address of my shellcode into it?

I'm sending the data like this...

[Normal data] [OVERFLOW AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA] [Return Address - call esp] [Shellcode?]

Doing the above works on a simple vulnerable program I wrote (testing locally), but the shellcode doesn't get executed on the game. It goes to 'call esp' but how do I get ESP to point to the location of my shellcode?

Last edited by danny3; 02-02-09 at 19:50.