Comments on StalkR's Blog: CSAW Exploit 1 Write-up - FreeBSD remote stack based buffer overflow
Comment feed by StalkR (http://www.blogger.com/profile/15113480981262771031), 10 comments, feed last updated 2024-03-23T23:09:17+01:00. Comments are listed newest first.

StalkR, 2010-10-02 02:22 (+02:00):
Good! Nothing, just wanted to know :) thanks

tiến điên (https://www.blogger.com/profile/18411726888669918045), 2010-10-01 16:21 (+02:00):
@StalkR: sorry, I use bsd/x86/shell/reverse_tcp Reverse TCP Stager. What's wrong?

rnystery (https://www.blogger.com/profile/06840732133786330958), 2010-10-01 07:48 (+02:00):
I used http://www.shell-storm.org/shellcode/files/shellcode-676.php
Now I looked at it, and it uses edi as a pointer to store data >_<. And it's not initialized :(
mov edi, ebp solves the problem...

StalkR, 2010-09-30 10:45 (+02:00):
teach :)

cr4zyboy: sorry, I didn't mean the metasploit version, but which payload did you use? payload/bsd/x86/shell_reverse_tcp, payload/bsd/x86/shell/reverse_tcp or the bsdi versions? I think I tried one, it didn't work, then I used sbz's.

tiến điên, 2010-09-30 08:05 (+02:00):
Oh StalkR, my metasploit is version 3.4.0-dev. Easy to make a bsd reverse tcp/ip shellcode.

teach (http://www.vxhell.org/~teach), 2010-09-30 00:07 (+02:00):
Hey, nice one here too. I first spotted the vuln in something like 30s of analysis (really, this was a piece of cake in front of defcon pp300, when milo ipv and I reversed like 80% of the code before finding the heap overflow, reconstructed the user struct and finally started looking for a way to get the flag through it), but due to the sucking FreeBSD 7.3 VM that I had at the time (and the also-sucking gdb built within it) I wasn't able to start the exploitation process. Thanks dude. You defeated the enemy and honour remained intact :))

StalkR, 2010-09-29 21:28 (+02:00):
haha hellman, nice :)
oh indeed cr4zyb0y! metasploit <3 which one did you use?

Note: I edited the post, it's not strictly a "stack overflow" but a "stack based buffer overflow", my mistake.

tiến điên, 2010-09-29 14:12 (+02:00):
About the shellcode, we can make it easily by generating it with metasploit. :)

rnystery, 2010-09-29 10:17 (+02:00):
Nice writeup ;)

The connect-back shellcode I used didn't work, and I wrote my own to read the file. Spent a lot of time, but got it :)

tiến điên, 2010-09-29 06:18 (+02:00):
The same my way :)