Shellphish targetted CSDS running NRFIN_00052 in round 90.

Type 1 POV

eip:0x27e7942 - edx:0xbae5b1aa

Execution control corruption via call.

Tracing data from eip: 0x8048fab tracing source of register: ecx (value: 0x27e7942)

0x804a9de : receive syscall (return)
0x8049368 : mov dl,byte ptr [eax+ecx]
0x8049371 : mov byte ptr [eax+ecx],dl
0x8048f99 : mov ecx,dword ptr [0x8060e90]
0x8048fab: call ecx // address: ecx value: 0x27e7942

Negotiated general register: edx:0xbae5b1aa

Tracing data from eip: 0x8048fab tracing source of register: edx (value: 0xbae5b1aa)

0x804a9de : receive syscall (return)
0x8049368 : mov dl,byte ptr [eax+ecx]
0x8049371 : mov byte ptr [eax+ecx],dl
0x8048f9f : mov edx,dword ptr [0x8060e38]
0x8048fab: call ecx // address: edx value: 0xbae5b1aa

Curated by Lunge Technology, LLC. Questions or comments? Send us email