4 comments on “RemoteExec Computers List Buffer Overflow ROP Exploit”

  1. Hi,

    When you create the ROP chain, some of the addresses you selected and constant values you used to pop into registers (such as 0x00000040) contain 00. Will the vulnerable program interpret it as a string terminator and cut off your attack vector?

    Thanks

  2. Most string functions do, but RemoteExec.exe uses some other API to parse strings, which doesn't terminate when it hits a null; therefore, in this case 00 is not a bad character.
