Dabbling in Buffer Overflows

Hi guys,

I've recently been having relatively good success at remote buffer overflows as I learn about pen-testing online services; however, I've really run aground in my learning.

Once I've connected with the poorly constructed service via netcat on Kali, I've deduced that 24 bytes is the limit, hence I use the following to call my fixed 'success' function (located at 0x5656c26d):

Code:
AAAAAAAAAAAAAAAAAAAAAAAAAA\x6D\xC2\x56\x56

However, I just keep getting it incorrect no matter how I present the input, with the following error:

Code:
NX Alert: Terminating Process for Bad Address.

I'd naturally assumed the function is stored in little-endian, but it still won't function. Any ideas please?!
 