Shellphish targetted ForAllSecure running CROMU_00065 in round 91.

Type 1 POV

eip:0x7892eecd - eax:0x698bb798

Execution control corruption via call.

Tracing data from eip: 0x80496a3 tracing source of register: edx (value: 0xbaaaae6a)

0x804d401 : receive syscall (return)
0x804a342 : mov al,byte ptr [ebp-0x21]
0x804a34b : mov byte ptr [edx+ecx],al
0x8049690 : mov edx,dword ptr [ecx+eax+0xc]
0x80496a3: call edx // address: edx value: 0xbaaaae6a

Execution of memory occurred that was not part of the initial text sections or an executably allocated page.

Tracing data from eip: 0xbaaaae6a tracing source of memory: 0xbaaaae6a (value: 0x8bb798b8)

0x804d401 : receive syscall (return)
0x804a342 : mov al,byte ptr [ebp-0x21]
0x804a34b : mov byte ptr [edx+ecx],al
0xbaaaae6a: mov eax,0x698bb798 // address: 0xbaaaae6a value: 0x8bb798b8

Negotiated general register: eax:0x698bb798

Tracing data from eip: 0xbaaaae74 tracing source of register: eax (value: 0x698bb798)

0xbaaaae6a : mov eax,0x698bb798
0xbaaaae74: jmp ebx // address: eax value: 0x698bb798

Curated by Lunge Technology, LLC. Questions or comments? Send us email