You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
There is a unique quality in HTTP requests that contain buffer overflows. The HTTP request packet contains several “fields”,
not all of them necessary (in fact the packet we are sending in our exploit is already stripped down considerably).
For the sake of simple explanations lets call these fields 1,2,3,4,5. If there is a buffer overflow in field 1 normally we would assume that field 2 is just an extension of field 1 as if it was just appended to field 1.
However as we will see these different “fields” will each have a proper location in memory and even though field 1 (or Stage1 in our case) contains a buffer overflow the other fields will, at the time of the crash, be loaded separately into memory.
Let's see what happens when we inject a metasploit pattern of 1000-bytes in the “User-Agent” field.
!mona findmsp
-- to verify that your buffer is located in memory