Shellphish targeted ForAllSecure running CROMU_00046 in round 58.


Type 1 POV

eip:0x508ca5bf - eax:0xb98d9efc


Execution control corruption via return (return to: 0xbaaaaf48).

Tracing data from eip: 0x804866b tracing source of memory: 0xbaaaaf48 (value: 0xbaaaaf2d)

0x8048ed8 : or eax,ecx
0x8048edd : mov dword ptr [ecx],eax
0x8048ee2 : mov eax,dword ptr [eax]
0x8048338 : mov dword ptr [ebp+edx*4-0x58],eax
0x804866b: ret // address: 0xbaaaaf48 value: 0xbaaaaf2d

Execution of memory occurred that was not part of the initial text sections or an executably allocated page.

Tracing data from eip: 0xbaaaaf2d tracing source of memory: 0xbaaaaf2d (value: 0x8d9efcb8)

0x80498e9 : receive syscall (return)
0x804972e : mov bl,byte ptr [ebp-0x16]
0x8049734 : mov byte ptr [ecx],bl
0xbaaaaf2d: mov eax,0xb98d9efc // address: 0xbaaaaf2d value: 0x8d9efcb8

Negotiated general register: eax:0xb98d9efc

Tracing data from eip: 0xbaaaaf37 tracing source of register: eax (value: 0xb98d9efc)

0xbaaaaf2d : mov eax,0xb98d9efc
0xbaaaaf37: jmp ebx // address: eax value: 0xb98d9efc

Curated by Lunge Technology, LLC.