
Thread: Changing a program's memory to jump to shellcode

  1. #1
    Good friend of the forums
    Join Date
    Jun 2008
    Posts
    425

Changing a program's memory to jump to shellcode

    Hi
I've been trying to change a program's memory to jump to some shellcode. I've got the shellcode in there and have changed some data in the TIB region, but the program keeps crashing as other code uses that place in memory. I won't be able to overwrite esp/ebp.
    I was wondering if anyone knows a place with RW access that only gets called by one function and doesn't crash, or a better idea of how to get eip.

    Thanks

  2. #2
    Senior Member daedalus1776's Avatar
    Join Date
    Jan 2012
    Location
    Australia
    Posts
    112

Re: Changing a program's memory to jump to shellcode

Use "jmp esp" from user32.dll or another process that is likely to be running to overwrite eip. Backtrack has a tool called pattern_create you can use to generate a unique string. Use that string to cause a buffer overflow and then pattern_offset to find out the location of the bytes used to overwrite eip. Hope that helps...
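The three steps in the reply above (cyclic pattern, offset lookup from the crashed EIP, and locating a "jmp esp" gadget) as one added C example. This is not code from the thread or from the Metasploit tools it names; it re-implements the same pattern_create/pattern_offset logic in plain C. The crashed EIP value, the module bytes and the module base address are constructed stand-ins for what a debugger would show.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>
#include <stddef.h>

/* pattern_create equivalent: fill `out` with the cyclic "Aa0Aa1Aa2..."
 * sequence.  Every 4-byte window is unique for the first 20280 bytes,
 * which is what makes the offset lookup unambiguous.  `out` must hold
 * len + 1 bytes; the result is NUL-terminated.  Returns bytes written. */
size_t pattern_create(char *out, size_t len)
{
    size_t n = 0;
    for (int u = 'A'; u <= 'Z' && n < len; u++)
        for (int l = 'a'; l <= 'z' && n < len; l++)
            for (int d = '0'; d <= '9' && n < len; d++) {
                const char triple[3] = { (char)u, (char)l, (char)d };
                for (int i = 0; i < 3 && n < len; i++)
                    out[n++] = triple[i];
            }
    out[n] = '\0';
    return n;
}

/* pattern_offset equivalent: x86 is little-endian, so an EIP of 0x37634136
 * means the bytes "6Ac7" overwrote the saved return address.  Returns the
 * byte offset of those 4 bytes inside the pattern, or -1 if not found. */
long pattern_offset(const char *pattern, size_t plen, uint32_t eip)
{
    char needle[4];
    for (int i = 0; i < 4; i++)
        needle[i] = (char)((eip >> (8 * i)) & 0xff);
    for (size_t i = 0; i + 4 <= plen; i++)
        if (memcmp(pattern + i, needle, 4) == 0)
            return (long)i;
    return -1;
}

/* Convenience: generate a `len`-byte pattern and look up `eip` in it. */
long offset_for_eip(size_t len, uint32_t eip)
{
    char pat[20281];
    if (len > 20280) len = 20280;
    size_t plen = pattern_create(pat, len);
    return pattern_offset(pat, plen, eip);
}

/* Find a "jmp esp" (FF E4) inside a module's code bytes.  The value to
 * put in EIP is then module_base + offset: the gadget bounces execution
 * to whatever is at ESP, i.e. the shellcode that follows the overwrite.
 * Returns -1 if the module has no such byte pair. */
long find_jmp_esp(const uint8_t *code, size_t n)
{
    for (size_t i = 0; i + 2 <= n; i++)
        if (code[i] == 0xff && code[i + 1] == 0xe4)
            return (long)i;
    return -1;
}

int main(void)
{
    /* Assumed crash: EIP as read from the debugger after sending the pattern. */
    uint32_t crashed_eip = 0x37634136u;
    printf("EIP 0x%08x -> offset %ld\n", crashed_eip, offset_for_eip(200, crashed_eip));

    /* Constructed stand-in for a few bytes of a loaded module's .text. */
    const uint8_t module_code[] = { 0x55, 0x8b, 0xec, 0xff, 0xe4, 0xc3 };
    const uint32_t module_base = 0x77d40000u;  /* assumed load address */
    long off = find_jmp_esp(module_code, sizeof module_code);
    if (off >= 0)
        printf("jmp esp at 0x%08x\n", module_base + (uint32_t)off);
    return 0;
}
```

In a real run the module bytes come from the DLL file or from the debugger's memory dump, and the address only holds while that DLL is loaded at that base; with a constructed pattern of 200 bytes the EIP above resolves to offset 80, so the shellcode address goes at bytes 80..83 of the payload.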

  3. #3
    Good friend of the forums
    Join Date
    Jun 2008
    Posts
    425

Re: Changing a program's memory to jump to shellcode

Thanks daedalus1776, but I can't use the buffer overflow way. The program uses VirtualAlloc to make a thread in iexplore.exe and copies some shellcode that calls LoadLibrary to run a DLL.
    The problem is that when it's debugged in iexplore it runs OK and loads the DLL most of the time (sometimes it goes to different code and crashes), but when it's not attached it always crashes.
    When iexplore is running, I can't find a place on the stack to overwrite to get control.
