Shellphish targeted ForAllSecure running CROMU_00051 in round 73.


Type 1 POV

eip:0xaaeab4b2 - edi:0xb2884f0b


The application exited with a segmentation fault

0x804bb66: 0x804bb66 // esp: 0xbaaaac98

Execution control corruption via return (return to: 0xbaaaac98).

Tracing data from eip: 0x804bb66 tracing source of memory: 0xbaaaac98 (value: 0xaaeab4b2)

0x804fef7 : receive syscall (return)
0x8049985 : mov al,byte ptr [ebp-0x29]
0x8049999 : mov byte ptr [edx+ecx],al
0x804f6e7 : mov dl,byte ptr [eax]
0x804f6f7 : mov byte ptr [eax],dl
0x804f6e7 : mov dl,byte ptr [eax]
0x804f6f7 : mov byte ptr [eax],dl
0x804f6e7 : mov dl,byte ptr [eax]
0x804f6f7 : mov byte ptr [eax],dl
0x804f6e7 : mov dl,byte ptr [eax]
0x804f6f7 : mov byte ptr [eax],dl
0x804f6e7 : mov dl,byte ptr [eax]
0x804f6f7 : mov byte ptr [eax],dl
0x804f6e7 : mov dl,byte ptr [eax]
0x804f6f7 : mov byte ptr [eax],dl
0x804f6e7 : mov dl,byte ptr [eax]
0x804f6f7 : mov byte ptr [eax],dl
0x804f6e7 : mov dl,byte ptr [eax]
0x804f6f7 : mov byte ptr [eax],dl
0x804f6e7 : mov dl,byte ptr [eax]
0x804f6f7 : mov byte ptr [eax],dl
0x804f6e7 : mov dl,byte ptr [eax]
0x804f6f7 : mov byte ptr [eax],dl
0x804f6e7 : mov dl,byte ptr [eax]
0x804f6f7 : mov byte ptr [eax],dl
0x804f6e7 : mov dl,byte ptr [eax]
0x804f6f7 : mov byte ptr [eax],dl
0x804f6e7 : mov dl,byte ptr [eax]
0x804f6f7 : mov byte ptr [eax],dl
0x804f6e7 : mov dl,byte ptr [eax]
0x804f6f7 : mov byte ptr [eax],dl
0x804f6e7 : mov dl,byte ptr [eax]
0x804f6f7 : mov byte ptr [eax],dl
0x804f6e7 : mov dl,byte ptr [eax]
0x804f6f7 : mov byte ptr [eax],dl
0x804f6e7 : mov dl,byte ptr [eax]
0x804f6f7 : mov byte ptr [eax],dl
0x804f6e7 : mov dl,byte ptr [eax]
0x804f6f7 : mov byte ptr [eax],dl
0x804bb66: ret // address: 0xbaaaac98 value: 0xaaeab4b2

Negotiated general register: edi:0xb2884f0b

Tracing data from eip: 0x804bb66 tracing source of register: edi (value: 0xb2884f0b)

0x804fef7 : receive syscall (return)
0x8049985 : mov al,byte ptr [ebp-0x29]
0x8049999 : mov byte ptr [edx+ecx],al
0x804f6e7 : mov dl,byte ptr [eax]
0x804f6f7 : mov byte ptr [eax],dl
0x804f6e7 : mov dl,byte ptr [eax]
0x804f6f7 : mov byte ptr [eax],dl
0x804f6e7 : mov dl,byte ptr [eax]
0x804f6f7 : mov byte ptr [eax],dl
0x804f6e7 : mov dl,byte ptr [eax]
0x804f6f7 : mov byte ptr [eax],dl
0x804f6e7 : mov dl,byte ptr [eax]
0x804f6f7 : mov byte ptr [eax],dl
0x804f6e7 : mov dl,byte ptr [eax]
0x804f6f7 : mov byte ptr [eax],dl
0x804f6e7 : mov dl,byte ptr [eax]
0x804f6f7 : mov byte ptr [eax],dl
0x804f6e7 : mov dl,byte ptr [eax]
0x804f6f7 : mov byte ptr [eax],dl
0x804f6e7 : mov dl,byte ptr [eax]
0x804f6f7 : mov byte ptr [eax],dl
0x804f6e7 : mov dl,byte ptr [eax]
0x804f6f7 : mov byte ptr [eax],dl
0x804f6e7 : mov dl,byte ptr [eax]
0x804f6f7 : mov byte ptr [eax],dl
0x804f6e7 : mov dl,byte ptr [eax]
0x804f6f7 : mov byte ptr [eax],dl
0x804f6e7 : mov dl,byte ptr [eax]
0x804f6f7 : mov byte ptr [eax],dl
0x804f6e7 : mov dl,byte ptr [eax]
0x804f6f7 : mov byte ptr [eax],dl
0x804f6e7 : mov dl,byte ptr [eax]
0x804f6f7 : mov byte ptr [eax],dl
0x804f6e7 : mov dl,byte ptr [eax]
0x804f6f7 : mov byte ptr [eax],dl
0x804f6e7 : mov dl,byte ptr [eax]
0x804f6f7 : mov byte ptr [eax],dl
0x804f6e7 : mov dl,byte ptr [eax]
0x804f6f7 : mov byte ptr [eax],dl
0x804bb63 : pop edi
0x804bb66: ret // address: edi value: 0xb2884f0b

Curated by Lunge Technology, LLC.