tag:blogger.com,1999:blog-8539880144347728238.post9188596012530352297..comments2024-01-24T04:15:08.086-05:00Comments on Carnal0wnage Blog: Internet Explorer 7 XML Parser Buffer OverflowUnknownnoreply@blogger.comBlogger7125tag:blogger.com,1999:blog-8539880144347728238.post-57871484940715238182008-12-16T09:29:00.000-05:002008-12-16T09:29:00.000-05:00@Anonymous:Heh, maybe sometime. There are more tha...@Anonymous:<BR/>Heh, maybe sometime. There are more than enough malware samples floating around that could be used to develop the module though. <BR/><BR/>@The Moorish:<BR/>HD added a module to the trunk. Have you tested that one? It's very different to ours. I've not been able to get it to trigger the vuln yet but I've not tried on nx enabled boxes either. The technique he uses is damn cool and will obsolete the heapsray stuff I used.dean de beerhttps://www.blogger.com/profile/13744345182407258839noreply@blogger.comtag:blogger.com,1999:blog-8539880144347728238.post-35660625060854311072008-12-16T04:31:00.000-05:002008-12-16T04:31:00.000-05:00the*the*Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-8539880144347728238.post-24159575519538723622008-12-16T04:30:00.000-05:002008-12-16T04:30:00.000-05:00That's a great post it could have been a lot bette...That's a great post it could have been a lot better if you shared to code!Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-8539880144347728238.post-43059313480486065222008-12-15T15:42:00.000-05:002008-12-15T15:42:00.000-05:00is there any way we can get the module for metaspl...is there any way we can get the module for metasploit ?Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-8539880144347728238.post-81769513736431774822008-12-12T17:22:00.000-05:002008-12-12T17:22:00.000-05:00@ Anonymous:I'm not sure what you're asking but if...@ Anonymous:<BR/>I'm not sure what you're asking but if you mean from the browser sessions itself, then yes. <BR/><BR/>@natron:<BR/>Maybe. But it's really nothing new. This time it was really just more about thinking problems through and being thorough.dean de beerhttps://www.blogger.com/profile/13744345182407258839noreply@blogger.comtag:blogger.com,1999:blog-8539880144347728238.post-78723055048503545542008-12-12T17:03:00.000-05:002008-12-12T17:03:00.000-05:00Is there a way to gather Session ID or session inf...Is there a way to gather Session ID or session information in general? Not the Session Id that you use to connect to the target but the actual connection session.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-8539880144347728238.post-8063134177858054642008-12-12T11:30:00.000-05:002008-12-12T11:30:00.000-05:00Any way you could be convinced to do a writeup on ...Any way you could be convinced to do a writeup on some of the debugger tricks you learned?<BR/><BR/>I've recently been getting into exploit dev and have primarily been using only Olly and manual calculations for analysis. I haven't used any of the metasploit built in stuff yet and would be interested in reading what you've learned.Nathan Keltnerhttps://www.blogger.com/profile/08165445198675206275noreply@blogger.com