
List:       dailydave
Subject:    Re: [Dailydave] We hold these axioms to be self evident
From:       Shane Macaulay <shane () security-objectives ! com>
Date:       2010-01-23 5:03:06
Message-ID: 4B5A830A.4020603 () security-objectives ! com

Here it is. I do not have an old enough VMware; here are a few different
examples of what I was talking about.

At first I thought it would be fun to try to nail my cs register to the
same value which the exploit used, however the novelty wore off quickly,
especially after my host system rebooted :\

echo "!!!THIS IS NOT A VALID EXE!!!!" > a.exe
---------------------------
16 bit MS-DOS Subsystem
---------------------------
Command Prompt - command /C a.exe
The NTVDM CPU has encountered an illegal instruction.
CS:0633 IP:001e OP:ff ff ff ff ff Choose 'Close' to terminate the
application.

echo "!!!THIS IS NOT A VALID EXE FILE!!!!" > a.exe
---------------------------
16 bit MS-DOS Subsystem
---------------------------
Command Prompt - a
The NTVDM CPU has encountered an illegal instruction.
CS:052c IP:012a OP:ff ff f1 60 ff Choose 'Close' to terminate the
application.

Lots of variations on this theme; I guess the title of this email thread
at this point would be better as "lame fuzzing with echo" :).

echo "!!!!THIS IS NOT A VALID EXE FILE!!!!" > a.exe

Running w/o command /C
C:\temp>a
ion
→Out of environment space
BMicrosoft(R) Windows DOS
(C)Copyright Microsoft Corp 1990-1999.
(Specified COMMAND search directory bad
6Specified COMMAND search directory bad access denied
<Starts a new instance of the MS-DOS command interpreter.

FCOMMAND [[drive:]path] [device] [/E:nnnnn] [/P] [/C string] [/MSG]


On 1/21/2010 12:51 PM, Florian Weimer wrote:
>> Uhm, to start, integer overflow on executable header? (well, you should
>> first recall about .exe or .com :-)). Just a guess.
> 
> The extension doesn't really matter.  If the file starts with "MZ",
> it's processed as an EXE file (with a header), otherwise, it's a
> headerless COM file.
> 
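The rule in the quoted reply (a file starting with "MZ" is an EXE with a header, anything else is a headerless COM file), as an added Python example that is not code from the thread: it decides EXE versus COM from the first two bytes alone and sanity-checks the MZ size fields against the real file length. The function name, the finding strings and the sample bytes are constructed for illustration.

```python
import struct

MZ_HEADER = struct.Struct("<2s13H")  # e_magic plus 13 little-endian 16-bit fields
COM_LIMIT = 0xFF00                   # one 64 KiB segment minus the 256-byte PSP

def classify(data: bytes) -> dict:
    """Describe how a DOS-style loader would treat `data`, ignoring the file name."""
    if data[:2] != b"MZ":
        # Headerless COM: the whole file is copied to offset 0x100 and
        # execution starts at its first byte, whatever that byte is.
        findings = ["larger than one segment"] if len(data) > COM_LIMIT else []
        return {"kind": "COM", "entry": 0x100,
                "first_bytes": data[:8].hex(" "), "findings": findings}
    if len(data) < MZ_HEADER.size:
        return {"kind": "EXE", "findings": ["truncated MZ header"]}
    (_, cblp, cp, _, cparhdr, _, _, _, _, _, ip, cs, _, _) = MZ_HEADER.unpack_from(data)
    header_bytes = cparhdr * 16
    # e_cp counts 512-byte pages; a non-zero e_cblp is the length of the last one.
    stated = cp * 512 - ((512 - cblp) if cblp else 0)
    entry = cs * 16 + ip              # offset of CS:IP inside the load module
    findings = []
    if cp == 0 or cblp >= 512:
        findings.append("impossible page count or last-page size")
    if header_bytes < MZ_HEADER.size:
        findings.append("header size field smaller than the fixed header")
    if stated > len(data):
        findings.append("header claims more bytes than the file holds")
    if header_bytes > stated or entry >= stated - header_bytes:
        findings.append("entry point outside the load module")
    return {"kind": "EXE", "entry": entry, "findings": findings}

# Constructed samples. The first approximates what cmd.exe's echo writes for
# the first command in the message (quotes, trailing space and CRLF included).
ECHO_SAMPLE = b'"!!!THIS IS NOT A VALID EXE!!!!" \r\n'
GOOD_MZ = MZ_HEADER.pack(b"MZ", 64, 1, 0, 2, 0, 0xFFFF, 0, 0x100, 0, 0, 0, 0x1C, 0) + bytes(36)
BAD_MZ = MZ_HEADER.pack(b"MZ", 0, 0x200, 0, 2, 0, 0xFFFF, 0, 0x100, 0, 0, 0, 0x1C, 0)

if __name__ == "__main__":
    for name, blob in [("echo", ECHO_SAMPLE), ("good", GOOD_MZ), ("bad", BAD_MZ)]:
        print(name, classify(blob))
```

For the echo sample the result is COM with entry offset 0x100, which matches the behaviour in the message: the text is loaded and run as 16-bit code regardless of the .exe extension.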
