Metasploit mailing list archives
2 nice pop/pop/ret :) (update)
From: class101 at hat-squad.com (class 101)
Date: Wed, 9 Mar 2005 14:09:45 +0100
but can be useful when you are NOT exploiting via the SEH frame overwrites on SP2 ;)

-------------------------------------------------------------
class101
Jr. Researcher
Hat-Squad.com
-------------------------------------------------------------

----- Original Message -----
From: "H D Moore" <hdm at metasploit.com>
To: <framework at metasploit.com>; "class 101" <class101 at hat-squad.com>
Sent: Wednesday, March 09, 2005 10:33 AM
Subject: Re: [framework] 2 nice pop/pop/ret :) (update)
This actually works on SP0, SP1, SP1a, and SP2 (the last one is a ret 0x16 vs a ret 0x04). Unfortunately, pop/pop/ret addresses in a system library are completely useless under SP2 when exploiting SEH frame overwrites.

-HD

On Wednesday 09 March 2005 03:01, class 101 wrote:
> 0x71ABE325 pop esi - pop - retbis - WS2_32.DLL
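Added example, not part of this thread and not Metasploit code: the reason system-library addresses stop being accepted as exception handlers on XP SP2 is SafeSEH, where a module built with a handler table (IMAGE_LOAD_CONFIG_DIRECTORY.SEHandlerTable) only gets handlers listed in that table. The Python below parses a PE32 load-config directory and reports whether a module registers such a table, which is the audit a defender runs over a module set. The image builder produces constructed sample data (a toy PE32, not a real Windows binary), the handler RVAs are made up, and `handler_allowed` is a simplified model of the loader rule that ignores the NO_SEH image flag and other edge cases.

```python
import struct

# PE32 layout constants from the PE/COFF specification
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG = 10
FILE_ALIGN = 0x200
SECT_ALIGN = 0x1000
LOADCFG32_SIZE = 0x48  # layout that ends with SEHandlerTable (0x40) / SEHandlerCount (0x44)


def build_minimal_pe32(handler_rvas):
    """Construct a toy PE32 image (sample data, not a real binary) with one
    .rdata section holding a load-config directory; a non-empty handler_rvas
    list becomes its SafeSEH table, an empty list leaves the table absent."""
    opt_size = 224  # PE32 optional header including 16 data directories
    headers_size = 0x40 + 4 + 20 + opt_size + 40  # DOS + sig + COFF + opt + 1 section
    headers_size = (headers_size + FILE_ALIGN - 1) // FILE_ALIGN * FILE_ALIGN
    rdata_rva = SECT_ALIGN
    table_rva = rdata_rva + LOADCFG32_SIZE if handler_rvas else 0
    loadcfg = bytearray(LOADCFG32_SIZE)
    struct.pack_into("<I", loadcfg, 0x00, LOADCFG32_SIZE)
    struct.pack_into("<II", loadcfg, 0x40, table_rva, len(handler_rvas))
    rdata = bytes(loadcfg) + b"".join(struct.pack("<I", r) for r in handler_rvas)
    raw_size = (len(rdata) + FILE_ALIGN - 1) // FILE_ALIGN * FILE_ALIGN
    rdata = rdata.ljust(raw_size, b"\0")

    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew -> PE signature
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, opt_size, 0x2102)
    opt = bytearray(0x60)  # fixed part of the optional header, directories follow
    struct.pack_into("<H", opt, 0x00, 0x10B)  # PE32 magic
    struct.pack_into("<I", opt, 0x1C, 0x10000000)  # ImageBase (made up)
    struct.pack_into("<II", opt, 0x20, SECT_ALIGN, FILE_ALIGN)
    struct.pack_into("<II", opt, 0x38, rdata_rva + SECT_ALIGN, headers_size)
    struct.pack_into("<I", opt, 0x5C, 16)  # NumberOfRvaAndSizes
    dirs = bytearray(16 * 8)
    struct.pack_into("<II", dirs, IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG * 8,
                     rdata_rva, LOADCFG32_SIZE)
    section = struct.pack("<8sIIIIIIHHI", b".rdata", len(rdata), rdata_rva,
                          raw_size, headers_size, 0, 0, 0, 0, 0x40000040)
    headers = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + bytes(dirs) + section
    return headers.ljust(headers_size, b"\0") + rdata


def rva_to_offset(sections, rva):
    """Translate an RVA to a file offset using the section table."""
    for vaddr, vsize, raw_ptr, raw_size in sections:
        if vaddr <= rva < vaddr + max(vsize, raw_size):
            return rva - vaddr + raw_ptr
    raise ValueError("RVA 0x%x is not backed by any section" % rva)


def read_safeseh_table(image):
    """Report the module's SafeSEH registration: has_table is True when the
    load-config directory declares a handler table, handlers lists its RVAs."""
    if image[:2] != b"MZ":
        raise ValueError("not a PE image")
    pe_off = struct.unpack_from("<I", image, 0x3C)[0]
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = pe_off + 4
    nsect = struct.unpack_from("<H", image, coff + 2)[0]
    opt_size = struct.unpack_from("<H", image, coff + 16)[0]
    opt = coff + 20
    if struct.unpack_from("<H", image, opt)[0] != 0x10B:
        raise ValueError("only PE32 handled: SafeSEH tables are a 32-bit mechanism")
    ndirs = struct.unpack_from("<I", image, opt + 0x5C)[0]
    sections = []
    for i in range(nsect):
        _, vsize, vaddr, raw_size, raw_ptr = struct.unpack_from(
            "<8sIIII", image, opt + opt_size + i * 40)
        sections.append((vaddr, vsize, raw_ptr, raw_size))
    result = {"has_table": False, "handlers": []}
    if ndirs <= IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG:
        return result
    cfg_rva, _ = struct.unpack_from(
        "<II", image, opt + 0x60 + IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG * 8)
    if cfg_rva == 0:
        return result  # no load-config directory at all
    cfg = rva_to_offset(sections, cfg_rva)
    if struct.unpack_from("<I", image, cfg)[0] < LOADCFG32_SIZE:
        return result  # structure too short to carry SEHandlerTable
    table_rva, count = struct.unpack_from("<II", image, cfg + 0x40)
    if table_rva == 0:
        return result
    table = rva_to_offset(sections, table_rva)
    result["has_table"] = True
    result["handlers"] = list(struct.unpack_from("<%dI" % count, image, table))
    return result


def handler_allowed(image, rva):
    """Simplified model of the SP2 rule for a handler inside this module:
    a module with a registered table accepts only the handlers it lists."""
    info = read_safeseh_table(image)
    return rva in info["handlers"] if info["has_table"] else True


if __name__ == "__main__":
    sample = build_minimal_pe32([0x1234, 0x2000])  # constructed handler RVAs
    print(read_safeseh_table(sample))
    print("non-listed RVA accepted:", handler_allowed(sample, 0x1500))
```

Run against real modules by passing the file bytes to `read_safeseh_table`; a module that comes back with `has_table` set is one whose arbitrary code addresses the SP2 loader will refuse as exception handlers, which is the property that makes the thread's system-library addresses irrelevant for SEH overwrites there.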