Shellphish targetted CSDS running NRFIN_00052 in round 88.


Type 1 POV

eip:0x2e2c99a - edx:0xad7d59d6


Execution control corruption via call.

Tracing data from eip: 0x8048fab tracing source of register: ecx (value: 0x2e2c99a)

0x804a9de : receive syscall (return)
0x8049368 : mov dl,byte ptr [eax+ecx]
0x8049371 : mov byte ptr [eax+ecx],dl
0x8048f99 : mov ecx,dword ptr [0x8060e90]
0x8048fab: call ecx // address: ecx value: 0x2e2c99a

Negotiated general register: edx:0xad7d59d6

Tracing data from eip: 0x8048fab tracing source of register: edx (value: 0xad7d59d6)

0x804a9de : receive syscall (return)
0x8049368 : mov dl,byte ptr [eax+ecx]
0x8049371 : mov byte ptr [eax+ecx],dl
0x8048f9f : mov edx,dword ptr [0x8060e38]
0x8048fab: call ecx // address: edx value: 0xad7d59d6

Curated by Lunge Technology, LLC. Questions or comments? Send us email