While I'm not a coder, I've always heard that it can be dirty work. After reading this paragraph in your paper:

"We've used just 10 numbers in this sequence, so our buffer was 1 for alignment and the numbers 1 2 3 4 5 6 7 8 9 1 with shits between them, so....as the number in eip was 2 (32323232) we just reached what we wanted ;)."

I now know why buffer overflow coding is not for me. Maybe you reached what you wanted, but umm, speak for yourself... ;-)

----- Original Message -----
From: "shadown" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Monday, September 13, 2004 4:24 PM
Subject: [Full-Disclosure] New Security paper released

> Hi,
>
> I've just released 'Win32 Stack BufferOverFlow Real Life Vuln-Dev
> Process' paper.
> Which covers the whole process of vuln-dev, from discovering the bug
> till exploiting it.
> You can download it from: http://hack3rs.org/~shadown/Twister/
> I hope you'll enjoy it.
> Cheers,
> shadown
> --
> Sergio Alvarez
> Security, Research & Development
> IT Security Consultant
> email: [EMAIL PROTECTED]
>
> This message is confidential. It may also contain information that is
> privileged or otherwise legally exempt from disclosure. If you have
> received it by mistake please let us know by e-mail immediately and
> delete it from your system; should also not copy the message nor
> disclose its contents to anyone. Many thanks.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
