[Help] Rebuilding vlc_realtext exploit
I'm trying to rebuild the vlc_realtext exploit myself, and I have already understood the vulnerability well. The problem is I can't find the proper way to inject my own shellcode.
This is the .rt file that triggers the vulnerability (with 84 A's we can overwrite the EDI register):
<window height="250" width="300" duration="15" bgcolor="yellow">
Mary had a little lamb,
<br/><time begin="6"/>little lamb,
<br/><time begin="9"/>Mary had a little lamb
<br/><time begin="12"/>whose fleece was white as snow.
But I did not understand how the shellcode is going to be injected, I mean how the Metasploit module that I linked above injects the shellcode.
I saw it under a debugger but it was not clear to me.
It would be nice if you could give me a tip on this.
Re: [Help] Rebuilding vlc_realtext exploit
The structure of the exploit is as follows:
[72 bytes of junk][address of jmp esp cmd][short jump (6 bytes) over writable address][2 byte pad][writable address in memory][nops][shellcode]