Description:
Welcome to Part 8 of the Exploit Research Megaprimer.
Please begin this series by watching Part 1, if you have not already done so!

Finally! After an hour of gruelling sessions on the basics of SEH, we have finally arrived! This video deals with the actual exploitation of an SEH overwrite. We will look at how to create a short jump from the Next SEH Handler pointer to our shellcode, and exploit the victim! We will also talk about SafeSEH and how it makes our task a bit more difficult, though loopholes in the system still allow us to get through. We will also learn how to find modules that are not linked with the SafeSEH option and use them to exploit the system.
Hope you enjoy this video! Please do leave your comments behind.
Tags: basics
Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.
Comments:
Definitely not bored with your style of teaching! You are absolutely right in teaching this way. I wish my university professors were able to teach this way. It is so much more efficient and really helps drive all the concepts home when theory is combined with demonstration in ~30 minute intervals. I wish there were more openly available resources like this. Great job. This site is currently one of my most useful and enjoyable security resources. Thanks again.
Can't agree more with jrstore!
Also, as Vivek said, there are tons of videos on YouTube, none complete with the background theory. This video series is a completely self-contained learning system, making me glued to my chair.
As above, great series.
Thanks for your job!!!
These are very useful lessons.
I think if you added some tasks in each lesson on the same themes, it could make your lessons very cool!!!
And people could have some practice. It's very important.
But that's just IMHO.
From Russia. With respect.
Thanks Vivek... the exploit didn't work for me, but I tried over and over and got it done.
Video was a home run Vivek!! Turns out that in the exploit I was writing, all the modules were compiled with SafeSEH!! Bummer. Regardless, it was a learning experience!! This presentation was AWESOME!! Maybe one day you could really dive into a solid presentation on Immunity!! Your teaching style makes me glued to the screen!!
@vivek: Hi, Vivek. Nice series, would you mind posting pvefindaddr.py?? I looked around Google with "pvefindaddr filetype:py"; even though I have found partial or diff parts of the script, I still don't have it complete.
Please let me know if you can post it or send it to me.
Regards,
Never mind, I found a copy of it in Google's cache.
Here is the link:
http://dl.dropbox.com/u/33851074/pvefindaddr.py
Thank you anyway.
WOW, I finally succeeded. I really appreciate your video.
Now I get what the stack, SEH and SafeSEH are.
I enjoyed your elaborate video series. 30 min... enough time,
not boring, not short... Awesome
I really look forward to seeing the ASLR and DEP series...
just thank you!
AWESOME!! I have started working on exploit-db; now I am looking forward to ASLR and DEP... very eagerly seeking that :)
Hey Vivek
Pretty cool and informative videos on Exploit Research :-)
When are the next videos coming up?
@kichan @iampole @dikien @FR4NCIXC0 I am unable to corrupt the SEH chain, any ideas why??
Note that the pvefindaddr plugin has been replaced by mona.
See http://redmine.corelan.be/projects/mona
@FR4NCIXC0 thanks for sharing
@vivek it's great research for me, thank you very much!
And can anybody give me a hint on how I can detect bad chars in this exploit, because for me it doesn't work like in the other videos. Thanks
Done successfully; if anybody has trouble with bad chars, look at this, man: http://scx010c075.blogspot.com.es/2012/02/determine-bad-characters.html