Shellphish targetted ForAllSecure running CROMU_00065 in round 93.

Type 1 POV

eip:0x58f8e6d8 - eax:0x6689b6f7

Execution control corruption via call.

Tracing data from eip: 0x80496a3 tracing source of register: edx (value: 0xbaaaae6a)

0x804d401 : receive syscall (return)
0x804a342 : mov al,byte ptr [ebp-0x21]
0x804a34b : mov byte ptr [edx+ecx],al
0x8049690 : mov edx,dword ptr [ecx+eax+0xc]
0x80496a3: call edx // address: edx value: 0xbaaaae6a

Execution of memory occurred that was not part of the initial text sections or an executably allocated page.

Tracing data from eip: 0xbaaaae6a tracing source of memory: 0xbaaaae6a (value: 0x89b6f7b8)

0x804d401 : receive syscall (return)
0x804a342 : mov al,byte ptr [ebp-0x21]
0x804a34b : mov byte ptr [edx+ecx],al
0xbaaaae6a: mov eax,0x6689b6f7 // address: 0xbaaaae6a value: 0x89b6f7b8

Negotiated general register: eax:0x6689b6f7

Tracing data from eip: 0xbaaaae74 tracing source of register: eax (value: 0x6689b6f7)

0xbaaaae6a : mov eax,0x6689b6f7
0xbaaaae74: jmp ebx // address: eax value: 0x6689b6f7

Curated by Lunge Technology, LLC. Questions or comments? Send us email