Shellphish targetted Disekt running NRFIN_00052 in round 95.


Type 1 POV

eip:0x8c8a1172 - edx:0x558699ba


Execution control corruption via call.

Tracing data from eip: 0x804904f tracing source of register: ecx (value: 0x8c8a1172)

0x804a86d : receive syscall (return)
0x804938e : mov dl,byte ptr [eax+ecx]
0x8049397 : mov byte ptr [eax+ecx],dl
0x8048fd0 : mov ecx,dword ptr [0x804cf58]
0x8048fee : mov dword ptr [0x804bea4],ecx
0x8049043 : mov ecx,dword ptr [0x804bea4]
0x804904f: call ecx // address: ecx value: 0x8c8a1172

Negotiated general register: edx:0x558699ba

Tracing data from eip: 0x804904f tracing source of register: edx (value: 0x558699ba)

0x804a86d : receive syscall (return)
0x804938e : mov dl,byte ptr [eax+ecx]
0x8049397 : mov byte ptr [eax+ecx],dl
0x8048fd6 : mov edx,dword ptr [0x804cf00]
0x8048fe8 : mov dword ptr [0x804bea0],edx
0x804903d : mov edx,dword ptr [0x804bea0]
0x804904f: call ecx // address: edx value: 0x558699ba

Curated by Lunge Technology, LLC. Questions or comments? Send us email