exploiting buffer overflow??

  1. #1
    Junior Member
    Join Date
    Feb 2002
    Posts
    10

    exploiting buffer overflow??

    Hi there.........i have found a buffer overflow situation in a windows based mail daemon........and i want to exploit it to run arbitrary commands..........i have decided to test it on my local machine so as to execute notepad.exe ............now the problem being that i couldn't successfully code the exploit for this....:-(...........i was trying CreateProcessA to run notepad.exe............i examined this API and found that it pushes 10 parameters before going in for a call............i tried manually adding code in debugger , but the call CreateProcessA doesn't give any results........
    so can anyone guide me about how to achieve this ( about CreateProcess API).......or is there any other API/method by which i can achieve it????

    Thnx in advance.
    theeta.

  2. #2
    Junior Member
    Join Date
    Feb 2002
    Posts
    10
    Okay ......lemme rephrase my question..........

    How can i run a process on a system (WinExec?? ) .........

    anyone???

    theeta.

  3. #3
    Webius Designerous Indiginous
    Join Date
    Mar 2002
    Location
    South Florida
    Posts
    1,123
    i smell something funny....

    /me howls

  4. #4
    Junior Member
    Join Date
    Feb 2002
    Posts
    10
    hehe.........i meant how exactly to use WinExec API...........

    it requires two parameters to be PUSHed........i tried it a lot but to no avail.....
    so is there any "exploit coder" who can help me out of this???

    theeta.

  5. #5
    Priapistic Monk KorpDeath
    Join Date
    Dec 2001
    Posts
    2,628
    Probably not at a security site, but keep trying. You never know.
    Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
    - Samuel Johnson

  6. #6
    Junior Member
    Join Date
    Feb 2002
    Posts
    10
    hmmmmm.............antipoints for this thread???????
    heh..........i don't give a damn.........
    FYI i worked it out ( the WinExec thing. )...........actually the API is as follows......

    UINT WinExec(
        LPCSTR lpCmdLine, // address of command line
        UINT uCmdShow     // window style for new application
    );
    ......and the command line which i was passing wasn't null terminated...:-D.........that's why it wasn't running.......
    thank u all for not being of much help.......which pushed me to figure it out myself ,, and yeah, i learnt a lot.....as far as -ive antipoints are concerned i think i have guessed who is it.. ( acid???)....

    bye
    theeta.

  7. #7
    Top Gun Maverick811
    Join Date
    Oct 2001
    Posts
    852
    <sarcasm> Wow, that's great - I'm so impressed. </sarcasm>
    - Maverick
