Home | hacker invade | crack analyzes | hacker course | Exploit | encryption decipher | network management | System crack | the virus to be related | invades the examination | firewall
You are here: hacking technology > System crack > Content
Hot Articles
GeoVision Digital Video
Adobe Acrobat and the Re
Samba group_mapping.tdb/
The Sleuth Kit - UNIX-ba
Marvell 88W8361P-BEM1 ch
CS-Cart core / user.php
phpBB Small ShoutBox mod
Outlook Web Access for E
FlexCell Grid ActiveX co
PHP error_log bypasses t
Apple Bonjour for Window
nginx file type error pa
DedeCMS V5.5 Final GetWe
Details of PHP code exec
The VMware 2008-0014 ren
Recommend Articles
Mozilla the Firefox 2.0.
DC++ many long-distance
VLC the media player WAV
The Wireshark 1.0.1 edit
Wordpress XML-RPC connec
ServerView Web connectio
PCRE the pcre_compile.c
phpMyAdmin long-distance
Panda the ActiveScan lon
BlueZ the SDP load handl
1024 CMS many documents
WeFi journal file local
vBulletin adminlog.php r
Microsoft Windows DNS se
Adobe RoboHelp Server he
New Articles
DiY - brief loophole ana
Freefloat FTP Server ove
I can with Apache endeav
HP - UX NFS/ONCplus unkn
HP - UX FTPD remote deni
HP - UX DCE can send acr
HP - UX 'useradd' local
HP - UX swagentd remote
HP - UX Numbers local de
HP - UX System under the
HP - UX 'FTPD' unknown r
HP TCP/IP Services for c
From Solaris NFS pages f
From Solaris XScreenSave
Sun Solaris Auditing Ext
Freefloat FTP Server overflow vulnerability analysis
  Add date: 03/17/2011   Publishing date: 03/17/2011   Hits: 37

In revc function fluctuation broken, gradually track and analyze down, come to:

 

00401DE0 > / $56 ESI shall

00401DE1 |. 8BF1 MOV ESI, ECX

00401DE3 |. 00040000 MOV ECX, 400 B9

00401DE8 |. 6A 00 shall 0; / Flags = 0

00401DEA |. 8B46 18 MOV EAX and dwords ESI theptr DS: [18]; + |

00401DED |. 8B56 14 MOV EDX, dwords ESI theptr DS: [+ 14]; |

00401DF0 |. ECX, 2BC8 SUB EAX; |

00401DF2 |. 03D0 ADD EDX, EAX; |

00401DF4 |. 8B06 MOV EAX and dwords ESI] [theptr DS:; |

00401DF6 |. 51 ECX shall; | BufSize = 400 (1024.)

00401DF7 |. 52 EDX shall; | 013C1820 Buffer =

00401DF8 |. 50 EAX shall; | Socket

00401DF9 |. 6E190000 e8's JMP. & WS2_32 CALL < >; j # 16 \ recv

00401DFE |. 85C0 TEST EAX and EAX; Judge whether the bytes received for empty

00401E00 |. FTPServe. JE 74 14 without 00401E16

00401E02 |. 83F8 FF CMP EAX and - 1; Determine whether receiving failure

00401E05 |. JE 0F FTPServe. 74 without 00401E16

00401E07 |. 8B4E 18 MOV ECX, dwords ESI theptr DS: [18]; + Ecx = 0

00401E0A |. ECX, 03C8 ADD EAX; Ecx = eax = receive bytes

00401E0C |. 01000000 MOV EAX and 1 B8

 

00401E11 |. 894E 18 MOV dwords theptr DS: [18], ECX ESI +

00401E14 |. 5E POP ESI
Prev:I can with Apache endeavor command access control bypass loophole Next:DiY - brief loophole analysis

Comment:

Category: Home > System crack
Home