[framework] XMPlayer PLS Buffer Overflow Module
Greg Linares
glinares.code at gmail.com
Tue Nov 28 21:58:10 CST 2006
Hate to double post, but that tool Jerome mentioned is called EEReap from eEye.
If no one grabs a universal address by tomorrow I'll probably dive in
and try for it :)
On 11/28/06, Greg Linares <glinares.code at gmail.com> wrote:
> The DLLs were packed with some sort of packer; msfpescan said
> peTITE, but they didn't decompress right. Jerome suggested using a tool
> eEye makes that gets addresses from files in memory, so compression
> isn't a problem. I just haven't had a whole lot of time to work on that
> meta file because I was working on 2 more exploits. If someone does
> come up with a universal address in the .dlls, feel free to modify my
> ruby file accordingly. I tried to include as much as I could.
>
> On 11/28/06, Nicob <nicob at nicob.net> wrote:
> > On Monday 27 November 2006 at 15:09 -0700, Greg Linares wrote:
> >
> > > [ 'Windows 2000 Pro English SP4', { 'Ret' => 0x77e14c29 } ],
> > > [ 'Windows XP Pro SP2 English', { 'Ret' => 0x77db41bc } ],
> > > [ 'Windows 2003 SP0 and SP1 English', { 'Ret' => 0x77d74adc } ],
> > > [ 'Windows XP Pro SP2 French', { 'Ret' => 0x77d8519f } ],
> > > [ 'Windows XP Pro SP2 German', { 'Ret' => 0x77d873a0 } ],
> > > [snip]
> >
> > Woo, a lot of targets. Is there no DLL installed with XMPlay which could
> > be used as a more universal return address?
> >
> >
> > Nicob
> >
> >
>