SEH Exploit Tutorial (coming soon…)

So, I was able to play around with Immunity Dbg + Mona (thank you team Corelan) yesterday and today after reading a lot of articles online.
I’ve also been learning about SEH overflows and how they can be used to bypass stack canaries to achieve arbitrary code execution.
Unfortunately, I will be pretty busy these upcoming weeks due to finals and what not so I likely won’t have the time to write a full in-depth guide until after school ends. =(

But for now I just thought I’d post a little preview of what is to come…

SEH Exception Handler Tutorial Preview
(note the corrupted SEH records)

Yep, using a SEH overflow exploit I was able to spawn a calculator from a software crash! Exciting stuff, I know.

I plan on posting an in-depth guide using one of the Snort AWBO challenges as an example. Hopefully I’ll get the chance to tackle it soon.



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s