Notice the WINDOWS.h
Type: Posts; User: UnnamedOne; Keyword(s):
What address should I take?
C:\Program Files\Microsoft Visual Studio\MyProjects\findjmp\Debug>findjmp oleac
.dll EBX
Findjmp, Eeye, I2S-LaB
Findjmp2, Hat-Squad
Scanning oleacc.dll for...
How did you find \x50\x69\xc9\x74?
I tried running findjmp oleacc.dll EBX and there were 3 pop pop ret's. I tried all 3 of them; all of them made a file called pwnt but none of them made the bind...
Please take a look at this topic.
http://forums.remote-exploit.org/showthread.php?t=14638
No it's for the example code above I posted, but it doesn't work.
For some reason when my buffer is not 1024 but like 600 it doesn't overwrite EBP and EIP..
Even with a buffer of 1024 and I...
I'm also trying to make a remote buffer overflow with a test code
my server:
#include <winsock2.h>
#include <stdio.h>
#pragma comment(lib,"ws2_32")
int main(void)
{
Don't ask me why, but I removed
addr = get_sp(); // get the address of our shellcode hopefully.
and changed
unsigned long addr; // addr of shellcode.
to
unsigned...
I really got to thank you :) Works great now!
EDIT: Well, it works by loading an egg, but not with this code..
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define NOP 0x90...
I would like to exploit this code
#include <stdio.h>
#include <stdlib.h>
// 1024 bytes buffer
// 4 bytes to overwrite ebp
// 4 bytes to overwrite eip
// 1032 bytes :)
I was wondering if anyone could make a tutorial or a video that's demonstrating a simple buffer overflow on BackTrack.. I tried a lot of tutorials already but none of them work on BackTrack.
What's wrong with this code?
#include <stdio.h>
#include <stdlib.h>
int main(int argc, char *argv[])
{
if(argc < 2)
I think the address on bt is different from 0xffffe000, is there any way to search for it?
What kernel will work do you think?
So I'm gonna have to look for another tutorial?
Well, I'm gonna read the whole tutorial again. I'll reply to this thread again after I'm done :)
Btw, can you change the bt~# to root@bt# in the terminal?
gcc bytescan.c -o bytescan
after that I just do ./bytescan
Why when I compile and run this there doesn't pop out an address?
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
int main(int argc, char *argv[]) {
int i, jmps;
...
I cannot change the volume in xmms, but after I do 'alsamixer' in terminal I can change the volume.. How can I fix that?
Well, I edited all the files you can in the boot folder; I changed 'Slax' to 'Something' in every file you can open.
I have downloaded Slax and I have a folder 'boot' and a folder 'slax'. I tried changing 'slax' to 'Something' but now I get a fatal error when booting. I edited some stuff in the boot folder
Is BT built with Linux From Scratch too?
I would like to make my own Linux distro, does anyone have some good links?
I'm dual booting, but I installed it from USB stick, when I type 'lilo' in Konsole it gives me
Fatal: /vmlinuz: neither a reg. file nor a block dev.
How can I fix that? Oo
I got BT3 installed now..
But I still get
01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 ....
When I don't put my USB stick in my comp..
So I think my lilo bootscreen is on...
I followed this tut with BT3
forums.remote-exploit.org/showthread.php?t=1396
And when I reboot my comp I see
01 01 01 01 01 01 01 01 01 01 0101 01 01 01 01 01 01 01 01 01 0101 01 01 01...