Tab Content
No Recent Activity
About m0nna

Basic Information

Statistics


Total Posts
Total Posts
21
Posts Per Day
0.01
General Information
Last Activity
11-06-2011 02:34 PM
Join Date
09-11-2011
Referrals
0
View m0nna's Blog

Recent Entries

SEH Overflow exploit POC Part 2

by m0nna on 09-20-2011 at 02:23 AM
Exploiting the SEH overflow in A-PDF all to mp3 converter

1) I wrote a perl script that creates a “wav” file with 5000 A’s as shown below:
Code:
    #!/usr/bin/perl -w
    use strict;
    my $file = "exploit_seh.wav";
    my $junk ="\x41" x 5000 ;
    open OUTPUT, ">", "$file";
    print OUTPUT $junk;
This script creates a file “exploit_seh.wav”.

2) After I open

Read More

Categories
Uncategorized

SEH Overflow exploit POC Part 1

by m0nna on 09-20-2011 at 01:44 AM
On 18th Jan 2011, somebody named “h1ch4m” reported a stack based overflow vulnerability in “PDF All to mp3 converter” via exploit-db (Exploits Database by Offensive Security). This vulnerability can be exploited by giving a malformed “.wav” file to the application. When i was checking the software on 29th jan 2011, i also found that it was also vulnerable to SEH overflow vulnerability, so i decided to write an exploit for the SEH overflow and submit to exploit-db (community based database

Read More

Updated 09-20-2011 at 02:28 AM by m0nna

Categories
Uncategorized