Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

RE: buffer overflow offsets?

From: axez () bigfoot com
Date: Thu, 12 Jul 2001 14:05:22 -0000 (/etc/localtime
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

There is a possibility that exploits you have tried were slightly altered by
their authors to make it harder to use for script kiddies.


AxeZ
On 09-Jul-2001 Ivan D Nestlerode wrote:


Is there a general method for determining the proper
offset for buffer overflow exploits?

The context here is a pen test where I have
gleaned enough information about the target machine
to know that it is running vulnerable network services.
I found exploits for these services, but none of them
worked properly. I suspects the offsets are not correct.

How does one go about tuning these offsets (assuming
I don't know the exact architecture of the target machine
and that I don't have any account on that machine)?

Thanks in advance for any information,
Ivan

------------------------------------------------------------------------------
--------

This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service
For more information on SecurityFocus' SIA service which automatically alerts
you to 
the latest security vulnerabilities please see:

https://alerts.securityfocus.com/


- -- 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjtMXFwACgkQrYPSDdLHTIArowCeOR4zyUHOFvkjPJynh9f1YCKq
YYgAmgJsyQyGepCyxMW6rGXZw7U6RipW
=GF7o
-----END PGP SIGNATURE-----

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
Previous By Date Next
Previous By Thread Next

Current thread: