threegugl.blogg.se

Tutorial on Internet Explorer 9













So the code would now look like this: code = nopsled + calc

After going through some exploits I realised the only change from the above code I really had to make was spraying the heap using the “substring” function.

nopsled_len = chunk_size - (headersize + calc.length)

From IE8 things had changed, not only because it supported DEP but also because heap spraying with the above code did not spray the heap.


var calc, chunk_size, headersize, nopsled, nopsled_len;


(Just removed the un from unescape as Symantec’s Endpoint Protection doesn’t like it in this section; maybe they are just too close to each other 🙂 as the following unescapes are fine.) In my old exploits I used the heap spraying code below when testing on IE6. In this post I am just sharing some basic info which will hopefully help others when writing/understanding exploits for the first time, while at the same time keeping it simple and not worrying too much about performance or precision. Previously when exploiting vulnerabilities my POCs had always been on Windows XP IE6, just to make sure it worked and not having to worry about all the mitigations in later versions. Lately I have been learning to write some exploits for some of my old discovered vulnerabilities to get them working on Windows 7 with IE9.













