Shellphish targeted CSDS running NRFIN_00063 in round 58.


Type 1 POV

eip:0xb8d0afb4 - eax:0xb4f2cce7


The application exited with a segmentation fault

Tracing data from eip: 0x805253c tracing source of memory: 0xbaaaaf5c (value: 0xb8d0afb4)

0x805245d : receive syscall (return)
0x80520df : mov dl,byte ptr [ecx+eax+0xc]
0x80520e3 : mov byte ptr [ebp-0x11],dl
0x80520f5 : movsx eax,byte ptr [ebp-0x11]
0x80520f9 : mov dword ptr [ebp-0x8],eax
0x80520fc : mov eax,dword ptr [ebp-0x8]
0x8051f06 : mov byte ptr [ebp-0x21],dl
0x8051f47 : mov al,byte ptr [ebp-0x21]
0x8051f5b : mov byte ptr [edx+ecx],al
0x805253c: ret // address: 0xbaaaaf5c value: 0xb8d0afb4

Execution control corruption via return (return to: 0xbaaaaf54).

Tracing data from eip: 0x804e6ff tracing source of memory: 0xbaaaaf54 (value: 0x805253b)

0x805245d : receive syscall (return)
0x80520df : mov dl,byte ptr [ecx+eax+0xc]
0x80520e3 : mov byte ptr [ebp-0x11],dl
0x80520f5 : movsx eax,byte ptr [ebp-0x11]
0x80520f9 : mov dword ptr [ebp-0x8],eax
0x80520fc : mov eax,dword ptr [ebp-0x8]
0x8051f06 : mov byte ptr [ebp-0x21],dl
0x8051f47 : mov al,byte ptr [ebp-0x21]
0x8051f5b : mov byte ptr [edx+ecx],al
0x804e6ff: ret // address: 0xbaaaaf54 value: 0x805253b

Negotiated general register: eax:0xb4f2cce7

Tracing data from eip: 0x805253c tracing source of register: eax (value: 0xb4f2cce7)

0x805245d : receive syscall (return)
0x80520df : mov dl,byte ptr [ecx+eax+0xc]
0x80520e3 : mov byte ptr [ebp-0x11],dl
0x80520f5 : movsx eax,byte ptr [ebp-0x11]
0x80520f9 : mov dword ptr [ebp-0x8],eax
0x80520fc : mov eax,dword ptr [ebp-0x8]
0x8051f06 : mov byte ptr [ebp-0x21],dl
0x8051f47 : mov al,byte ptr [ebp-0x21]
0x8051f5b : mov byte ptr [edx+ecx],al
0x805253b : pop eax
0x805253c: ret // address: eax value: 0xb4f2cce7

Curated by Lunge Technology, LLC.