Peter Van Eeckhoutte's Blog

:: [Knowledge is not an object, it´s a flow] ::

Posts Tagged ‘findjmp’

Exploit writing tutorial part 2 : Stack Based Overflows – jumping to shellcode

July 23rd, 2009 |

Author: Peter Van Eeckhoutte

Viewed 16,817 time(s) |

Add this post to Your Favorite Posts

Where do you want to jmp today ? In one of my previous posts (part 1 of writing stack based buffer overflow exploits), I have explained the basisc about discovering a vulnerability and using that information to build a working exploit. In the example I have used in that post, we have seen that ESP pointed almost directly at the begin of our buffer (we only had to prepend 4 bytes to the shellcode to make ESP point directly at the shellcode), and we could use a “jmp esp” statement to get the shellcode to run. Note : This tutorial heavily builds on part 1 of the tutorial series, so please take the time to fully read and understand part 1 before reading part 2. The fact that we could use “jmp esp” was an …

– Read more »

Posted in 001_Security, Exploit Writing Tutorials, Exploits |

Tags: 41414141, add esp, blind return, buffer, buffer overflow, bytes, dll, eip, findjmp, jmp, jmp esp, jumpcode, metasploit, nop, opcode, pop, pop pop ret, push ret, pwned, reg + offset, ret, shellcode, stack |

Meet me at Brucon 2010

Meet me at Brucon 2010 !

Peter says:

« All of the info and all tools on this blog are free. Keeping this blog in the air is quite expensive.
So if you like what I do and want to show your respect for my work, please consider donating (use the Donate link above)

There is no way I can keep this site up and running without your help.

»     ...     « If you have enjoyed a certain post or like one of my tools, don't forget to vote/rate it !

»     ...     « If you have questions about certain posts, content or tools published on this website, then please use the forums to post questions. Don't write your questions in the Comments section.

»     ...     « If you want to be the first to know about new posts/tools/tutorials on this blog, then subscribe to the mailinglist. Use the 'Subscribe to updates via email' link below (in the Stay posted section)

»

Categories