Overflowing Brain: Information Overload and the Limits of Working Memory

Presently reading and trying to follow http://grey-corner.blogspot.co.uk/2010/01/seh-stack-based-windows-buffer-overflow.html

Ingredients – in progress tbc
1oz of Windows PC
2 scoops of http://www.ollydbg.de/
1ml of OllySSEH plugin – http://www.openrce.org/downloads/details/244/OllySSEH

1. Download OllyDbg 1.10 from http://www.ollydbg.de/
2. Download the OllySSEH plugin. (I found it does not work, so feel free to ignore this stage.)
3. Unrar OllyDbg and place it into a folder of your choice.
4. Create a new folder called Plugins inside the OllyDbg folder, then unrar OllySSEH; inside the extracted archive go to Project / Release, copy OllySSEH.dll and paste it into the Plugins folder.
5. Double click OLLYDBG.exe
6. Options / Directories / Plugin path: point to your new folder called Plugins.
7. File / Open / select your exe or .dll
8. Plugins / SafeSEH / Scan / SafeSEH Modules – and "OllyDbg, 32-bit analyzing debugger has stopped working".
9. Restart OLLYDBG.exe – forget SafeSEH and, in the words of grey-corner.blogspot.co.uk:

“As an alternate method to using OllySSEH, we can start by using the View->Executable Modules menu option to show the list of modules loaded with the application, and we can then analyse each individual file using msfpescan to determine whether we can use it to provide a usable SEH overwrite address.”

Out of interest, the msfpescan location in Backtrack 5r1:

root@bt:/pentest/exploits/framework2# msfpescan -i /root/DII/ws2_32.dll
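
The per-module check described in the quote comes down to reading a few PE header fields, which is also how you audit your own 32-bit builds for a missing /SAFESEH. The sketch below is an added example, not code from this post, grey-corner or Metasploit; the names `safeseh_status` and `build_sample` are hypothetical and the sample image is constructed in memory rather than taken from a real DLL.

```python
import struct

NO_SEH = 0x0400   # IMAGE_DLLCHARACTERISTICS_NO_SEH
LOAD_CONFIG = 10  # data directory index of the load config entry

def u(fmt, data, off):
    return struct.unpack_from("<" + fmt, data, off)

def safeseh_status(pe: bytes) -> str:
    """Classify a PE32 image as 'no-seh', 'safeseh' or 'unprotected'."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("not an MZ image")
    nt, = u("I", pe, 0x3C)                            # e_lfanew
    if pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsec, opt_size, opt = u("H", pe, nt + 6)[0], u("H", pe, nt + 20)[0], nt + 24
    if u("H", pe, opt)[0] != 0x10B:
        raise ValueError("SafeSEH only exists for 32-bit (PE32) images")
    if u("H", pe, opt + 70)[0] & NO_SEH:              # DllCharacteristics
        return "no-seh"
    if u("I", pe, opt + 92)[0] <= LOAD_CONFIG:        # NumberOfRvaAndSizes
        return "unprotected"
    rva, _ = u("II", pe, opt + 96 + 8 * LOAD_CONFIG)
    for i in range(nsec):                             # map the RVA to a file offset
        vsize, vaddr, _, raw = u("IIII", pe, opt + opt_size + 40 * i + 8)
        if rva and vaddr <= rva < vaddr + vsize:
            cfg = raw + rva - vaddr
            size, = u("I", pe, cfg)                   # structure's own Size field
            if size >= 72:                            # SEHandlerTable @64, SEHandlerCount @68
                table, count = u("II", pe, cfg + 64)
                return "safeseh" if table and count else "unprotected"
    return "unprotected"

def build_sample(dll_chars: int, handler_count: int) -> bytes:
    """Constructed minimal PE32 header set; not a loadable binary."""
    pe = bytearray(0x400)
    pe[:2], pe[0x40:0x44] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", pe, 0x3C, 0x40)                  # e_lfanew
    struct.pack_into("<HH", pe, 0x44, 0x14C, 1)             # i386, one section
    struct.pack_into("<H", pe, 0x54, 224)                   # SizeOfOptionalHeader
    struct.pack_into("<H", pe, 0x58, 0x10B)                 # PE32 magic
    struct.pack_into("<H", pe, 0x58 + 70, dll_chars)
    struct.pack_into("<I", pe, 0x58 + 92, 16)               # NumberOfRvaAndSizes
    struct.pack_into("<II", pe, 0x58 + 96 + 80, 0x1000, 0x40)   # load config dir
    struct.pack_into("<IIII", pe, 0x138 + 8, 0x200, 0x1000, 0x200, 0x200)  # section
    struct.pack_into("<I", pe, 0x200, 72)                   # load config Size
    struct.pack_into("<II", pe, 0x240, 0x401100, handler_count)
    return bytes(pe)
```

The code reads the Size field inside the load config structure rather than the data directory size because older x86 images record 0x40 in the directory even when the structure is larger.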

