Examining crashes [Sitemap] - HeapOverflow Computer Security Community & Forums : Heap Overflow.com



h3llfyr3
05-10-05, 11:00
Hi All,
This is my first dive into looking at real exploit research. As I can now do a basic overflow on code I wrote and get a shell, I want to start looking at existing exploits and modifying them.
I'm looking at the melange chat server 1.10 exploit,
this one: http://www.securiteam.com/exploits/6W00L1F6AS.html
and this one:
http://www.securiteam.com/unixfocus/6B00N006AU.html
More code: http://felinemenace.org/~circut/
They seem fairly straightforward and documented.
There is also a DoS exploit involving the /yell command and sending 600 chars.

How can I see what happens and examine the stack output when doing this?
Will I get a core dump from melange, and where will it be?
When I compile it, should I add the symbols table to make debugging easier?
How would you approach it?
What I am looking for is to be able to point EIP to my NOP sled and then execute portbinding shellcode. So I need to find EIP from the stack dump, which will be in the core dump.
Cheers
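
Added example (not part of the original post, and not code from the Melange project): on Linux, whether a crashed process leaves a core file, and where, is decided by the core size limit (`ulimit -c`) and by `/proc/sys/kernel/core_pattern`, which the function below interprets. The function name, the sample paths and the `server` executable name are assumptions, and only the `%e` and `%p` template specifiers are expanded.

```shell
#!/bin/sh
# Added example: predict where Linux will put a core file.
# core_destination PATTERN LIMIT CWD EXE PID
#   PATTERN  contents of /proc/sys/kernel/core_pattern
#   LIMIT    output of `ulimit -c` in the shell that starts the process
#   CWD      working directory of the process that crashes
#   EXE/PID  executable name and process ID (hypothetical sample values)
core_destination() {
    pattern=$1 limit=$2 cwd=$3 exe=$4 pid=$5

    case $pattern in
        '|'*)
            # A leading '|' means the kernel pipes the dump to a helper
            # program; that helper decides where the dump is stored.
            helper=${pattern#'|'}
            printf '%s\n' "piped to: $helper"
            return 0 ;;
    esac

    if [ "$limit" = "0" ]; then
        # The kernel writes no core file while the size limit is 0;
        # raise it with `ulimit -c unlimited` before starting the process.
        printf '%s\n' "none: core size limit is 0"
        return 0
    fi

    # Expand the two most common template specifiers:
    #   %e = executable name, %p = PID of the dumped process.
    # (Sample values must not contain '|' or '&', which sed would interpret.)
    path=$(printf '%s' "$pattern" | sed -e "s|%e|$exe|g" -e "s|%p|$pid|g")

    case $path in
        /*) printf '%s\n' "file: $path" ;;       # absolute pattern
        *)  printf '%s\n' "file: $cwd/$path" ;;  # relative to the crash cwd
    esac
}

# Report for the current machine and shell, with placeholder EXE and PID.
if [ -r /proc/sys/kernel/core_pattern ]; then
    core_destination "$(cat /proc/sys/kernel/core_pattern)" \
        "$(ulimit -c)" "$PWD" "server" "PID"
fi
```

Once a core file exists, `gdb <binary> <corefile>` opens it, and building the binary with `-g` gives gdb the symbol names and source lines for the backtrace.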

hyp
27-01-06, 00:19
Well, if you're on any *nix OS you can always just open up the app itself with gdb, then crash it to examine the stack. Even though it's a GUI program, it will work like running any other small program with gdb :P

hyp
27-01-06, 00:22
Ahhh, I didn't see this was a remote overflow. Well, you can always download the software yourself, run the server with gdb, then crash it with the client to debug it.

class101
27-01-06, 11:26
Me, I do not do this under Linux, this is not fun, so I can't help you :)

Zighaccuh
09-09-06, 18:16
Where did you get it???