Commentaires sur : Exploit Pidgin MSN 2.5.8 exécution de code à distance

Par : Pierre

Pierre — Thu, 25 Mar 2010 15:08:46 +0000

Well, it convert an integer (the return address) to a byte array.

You can’t do
payload[shellcode.length] = neweip;

with neweip = 0x0022CFCC it mean that :
/*
payload[shellcode.length] = (byte)(neweip & 0×000000FF);
// payload[shellcode.length] = 0xCC;
payload[shellcode.length + 1] = (byte)((neweip & 0×0000FF00) >> 8);
// payload[shellcode.length + 1] = 0xCF;
payload[shellcode.length + 2] = (byte)((neweip & 0×00FF0000) >> 16);
// payload[shellcode.length + 2] = 0×22;
payload[shellcode.length + 3] = (byte)((neweip & 0xFF000000) >> 24);
// payload[shellcode.length + 3] = 0×00;
*/

Par : b0mb

b0mb — Thu, 25 Mar 2010 14:49:56 +0000

Excuse me for my english..Hello Pierre…
I have a question that disturb me ..That is the function above … What does it do ?

/*
payload[shellcode.length] = (byte)(neweip & 0x000000FF);
payload[shellcode.length + 1] = (byte)((neweip & 0x0000FF00) >> 8);
payload[shellcode.length + 2] = (byte)((neweip & 0x00FF0000) >> 16);
payload[shellcode.length + 3] = (byte)((neweip & 0xFF000000) >> 24);
*/

what is the meaning of this ? I saw this algorithm in exploits but i couldnt understand..Thank u for your understand..hava a nice day..

Par : john

john — Sun, 15 Nov 2009 18:04:07 +0000

w000t indahax is back