Shellphish targetted ForAllSecure running NRFIN_00052 in round 93.


Type 1 POV

eip:0x28126b1 - edx:0x6d8df9ae


Execution control corruption via call.

Tracing data from eip: 0x8048fab tracing source of register: ecx (value: 0x28126b1)

0x804a9de : receive syscall (return)
0x8049368 : mov dl,byte ptr [eax+ecx]
0x8049371 : mov byte ptr [eax+ecx],dl
0x8048f99 : mov ecx,dword ptr [0x8060e90]
0x8048fab: call ecx // address: ecx value: 0x28126b1

Negotiated general register: edx:0x6d8df9ae

Tracing data from eip: 0x8048fab tracing source of register: edx (value: 0x6d8df9ae)

0x804a9de : receive syscall (return)
0x8049368 : mov dl,byte ptr [eax+ecx]
0x8049371 : mov byte ptr [eax+ecx],dl
0x8048f9f : mov edx,dword ptr [0x8060e38]
0x8048fab: call ecx // address: edx value: 0x6d8df9ae

Curated by Lunge Technology, LLC. Questions or comments? Send us email