Shellphish targeted ForAllSecure running NRFIN_00063 in round 59.


Type 1 POV

eip:0xa19c96bf - eax:0x498accea


The application exited with a segmentation fault

Tracing data from eip: 0x805253c tracing source of memory: 0xbaaaaf5c (value: 0xa19c96bf)

0x805245d : receive syscall (return)
0x80520df : mov dl,byte ptr [ecx+eax+0xc]
0x80520e3 : mov byte ptr [ebp-0x11],dl
0x80520f5 : movsx eax,byte ptr [ebp-0x11]
0x80520f9 : mov dword ptr [ebp-0x8],eax
0x80520fc : mov eax,dword ptr [ebp-0x8]
0x8051f06 : mov byte ptr [ebp-0x21],dl
0x8051f47 : mov al,byte ptr [ebp-0x21]
0x8051f5b : mov byte ptr [edx+ecx],al
0x805253c: ret // address: 0xbaaaaf5c value: 0xa19c96bf

Execution control corruption via return (return to: 0xbaaaaf54).

Tracing data from eip: 0x804e6ff tracing source of memory: 0xbaaaaf54 (value: 0x805253b)

0x805245d : receive syscall (return)
0x80520df : mov dl,byte ptr [ecx+eax+0xc]
0x80520e3 : mov byte ptr [ebp-0x11],dl
0x80520f5 : movsx eax,byte ptr [ebp-0x11]
0x80520f9 : mov dword ptr [ebp-0x8],eax
0x80520fc : mov eax,dword ptr [ebp-0x8]
0x8051f06 : mov byte ptr [ebp-0x21],dl
0x8051f47 : mov al,byte ptr [ebp-0x21]
0x8051f5b : mov byte ptr [edx+ecx],al
0x804e6ff: ret // address: 0xbaaaaf54 value: 0x805253b

Negotiated general register: eax:0x498accea

Tracing data from eip: 0x805253c tracing source of register: eax (value: 0x498accea)

0x805245d : receive syscall (return)
0x80520df : mov dl,byte ptr [ecx+eax+0xc]
0x80520e3 : mov byte ptr [ebp-0x11],dl
0x80520f5 : movsx eax,byte ptr [ebp-0x11]
0x80520f9 : mov dword ptr [ebp-0x8],eax
0x80520fc : mov eax,dword ptr [ebp-0x8]
0x8051f06 : mov byte ptr [ebp-0x21],dl
0x8051f47 : mov al,byte ptr [ebp-0x21]
0x8051f5b : mov byte ptr [edx+ecx],al
0x805253b : pop eax
0x805253c: ret // address: eax value: 0x498accea

Curated by Lunge Technology, LLC.