To our good luck, ESP points to the start of the C's in our payload, which is exactly what we want. Now we have to find a JMP ESP instruction and replace 0xCCCCCCCC with its address, and we'll be able to jump to our shellcode area. We'll take help from x64dbg and try to find JMP ESP in all the loaded modules: in the CPU section, right-click, choose Search For > All Modules > Command, type in JMP ESP, and wait for the results in the References tab. We found 1576 results. You can use any of these, but make sure the one you pick does not contain any bad character, which in this case means any string-terminating character (newline 0x0A, carriage return 0x0D, or null byte 0x00). You can also use mona.py to confirm that the module does not have ASLR enabled and is not rebased.
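The "no ASLR, no rebase" property that mona.py reports for a module comes from flags in the module's PE header. The following Python is an added example, not code from the original post or from mona.py: it parses IMAGE_FILE_HEADER.Characteristics and IMAGE_OPTIONAL_HEADER.DllCharacteristics to report whether an image opts into ASLR and DEP, which is the same check a defender runs when auditing a process for modules that still ship without these mitigations. The sample image built by `build_sample_pe` is a constructed, minimal header for testing, not a real binary.

```python
import struct

# Flags from the PE specification (winnt.h)
IMAGE_FILE_RELOCS_STRIPPED = 0x0001             # FileHeader.Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040  # OptionalHeader.DllCharacteristics: ASLR opt-in
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100     # DEP opt-in

def pe_mitigations(image: bytes) -> dict:
    """Parse a PE image and report {"aslr", "dep", "relocs_stripped", "pe32plus"}."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    file_hdr = e_lfanew + 4                      # IMAGE_FILE_HEADER (20 bytes)
    characteristics = struct.unpack_from("<H", image, file_hdr + 18)[0]
    opt_hdr = file_hdr + 20                      # IMAGE_OPTIONAL_HEADER
    magic = struct.unpack_from("<H", image, opt_hdr)[0]
    if magic not in (0x10B, 0x20B):              # PE32 / PE32+
        raise ValueError("unknown optional header magic 0x%x" % magic)
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+ optional headers
    dll_chars = struct.unpack_from("<H", image, opt_hdr + 70)[0]
    relocs_stripped = bool(characteristics & IMAGE_FILE_RELOCS_STRIPPED)
    # The loader can only randomise a module that asks for it AND still carries relocations
    aslr = bool(dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE) and not relocs_stripped
    return {
        "aslr": aslr,
        "dep": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
        "relocs_stripped": relocs_stripped,
        "pe32plus": magic == 0x20B,
    }

def build_sample_pe(dll_chars: int, characteristics: int = 0, pe32plus: bool = False) -> bytes:
    """Constructed minimal PE header (not a real binary) used only to exercise the parser."""
    e_lfanew = 0x40
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    file_hdr = bytearray(20)
    struct.pack_into("<H", file_hdr, 18, characteristics)
    opt_hdr = bytearray(112)                     # large enough to cover DllCharacteristics
    struct.pack_into("<H", opt_hdr, 0, 0x20B if pe32plus else 0x10B)
    struct.pack_into("<H", opt_hdr, 70, dll_chars)
    return bytes(dos) + b"PE\0\0" + bytes(file_hdr) + bytes(opt_hdr)

if __name__ == "__main__":
    legacy = build_sample_pe(0x0000)             # an old module with no mitigations at all
    hardened = build_sample_pe(IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE | IMAGE_DLLCHARACTERISTICS_NX_COMPAT)
    print("legacy:  ", pe_mitigations(legacy))
    print("hardened:", pe_mitigations(hardened))
```

A module reported with `aslr: False` loads at a fixed address, which is why its JMP ESP offsets stay stable across runs; rebuilding it with /DYNAMICBASE (and keeping its relocations) removes that property.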