Shellphish targetted CSDS running CROMU_00046 in round 59.


Type 1 POV

eip:0x98cb8d96 - eax:0x92efb554


Execution control corruption via return (return to: 0xbaaaaf48).

Tracing data from eip: 0x804866b tracing source of memory: 0xbaaaaf48 (value: 0xbaaaaf2d)

0x8048ed8 : or eax,ecx
0x8048edd : mov dword ptr [ecx],eax
0x8048ee2 : mov eax,dword ptr [eax]
0x8048338 : mov dword ptr [ebp+edx*4-0x58],eax
0x804866b: ret // address: 0xbaaaaf48 value: 0xbaaaaf2d

Execution of memory occurred that was not part of the initial text sections or an executably allocated page.

Tracing data from eip: 0xbaaaaf2d tracing source of memory: 0xbaaaaf2d (value: 0xefb554b8)

0x80498e9 : receive syscall (return)
0x804972e : mov bl,byte ptr [ebp-0x16]
0x8049734 : mov byte ptr [ecx],bl
0xbaaaaf2d: mov eax,0x92efb554 // address: 0xbaaaaf2d value: 0xefb554b8

Negotiated general register: eax:0x92efb554

Tracing data from eip: 0xbaaaaf37 tracing source of register: eax (value: 0x92efb554)

0xbaaaaf2d : mov eax,0x92efb554
0xbaaaaf37: jmp ebx // address: eax value: 0x92efb554

Curated by Lunge Technology, LLC. Questions or comments? Send us email