Showing posts from May, 2018

04 - DiskSavvy Enterprise 10.4.18 BoF SEH (and how I finally became not so bad at it)

I decided to make a whole new post regarding DiskSavvy, as the others were all over the place. This post will focus on the working PoC, now that I have it, and explain some of the tribulations and pitfalls I experienced along the way.

0x01 - Locating a Crash

Alright, so in the past we've located a relatively easy crash: after performing a three-way handshake, the application sends a packet requesting some server information. This packet carries the ASCII string 'SERVER_GET_INFO', prepended by a few headers and appended by some more data. This whole interaction can be seen in previous posts, namely posts one and two, where I go as in depth as I was able at the time with my fairly limited knowledge. Initially, I found a location in a portion of the headers that resulted in a crash that I was pretty psyched on, but after bashing my head against the keyboard for an undetermined (read: unreleased) amount of time, I found I wasn't sure I was able to
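Since the post only tells us that the request is the ASCII marker 'SERVER_GET_INFO' with a few header bytes in front and some trailing data behind it, the natural thing for a defender watching this service is a small payload inspector that measures those two regions. The following is an added example (not code from the post or from the DiskSavvy project): it locates the marker in a raw TCP payload, reports the prefix and suffix lengths, and flags anything far larger than a legitimate request or padded with long runs of one byte. The exact header layout is not documented in the post, so the `MAX_PREFIX`, `MAX_SUFFIX` and run-length thresholds and the two sample payloads are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# The only protocol fact the post gives: the request contains this ASCII marker.
MARKER = b"SERVER_GET_INFO"

# Assumed thresholds (not from the post). The post says the marker is preceded
# by "a few headers" and followed by "some more data"; anything far larger than
# that is worth a closer look. Tune against captures of real traffic.
MAX_PREFIX = 64       # bytes allowed before the marker
MAX_SUFFIX = 256      # bytes allowed after the marker
MAX_BYTE_RUN = 32     # longest run of a single repeated byte tolerated outside the marker


@dataclass
class Verdict:
    has_marker: bool
    prefix_len: int
    suffix_len: int
    suspicious: bool
    reason: str


def longest_run(data: bytes) -> int:
    """Length of the longest run of one repeated byte value in data."""
    best = cur = 0
    prev = None
    for b in data:
        cur = cur + 1 if b == prev else 1
        prev = b
        best = max(best, cur)
    return best


def inspect_payload(payload: bytes,
                    max_prefix: int = MAX_PREFIX,
                    max_suffix: int = MAX_SUFFIX,
                    max_run: int = MAX_BYTE_RUN) -> Verdict:
    """Classify one request payload by the size and shape of the bytes around the marker."""
    idx = payload.find(MARKER)
    if idx < 0:
        return Verdict(False, 0, 0, False, "no SERVER_GET_INFO marker")

    prefix = payload[:idx]
    suffix = payload[idx + len(MARKER):]
    reasons = []
    if len(prefix) > max_prefix:
        reasons.append(f"header prefix {len(prefix)} bytes > {max_prefix}")
    if len(suffix) > max_suffix:
        reasons.append(f"trailing data {len(suffix)} bytes > {max_suffix}")
    run = longest_run(prefix + suffix)
    if run >= max_run:
        reasons.append(f"run of {run} identical bytes outside marker")

    return Verdict(True, len(prefix), len(suffix), bool(reasons),
                   "; ".join(reasons) or "within assumed bounds")


# Constructed sample payloads (not captures from the post).
BENIGN_REQUEST = b"\x01\x00\x10\x00" + MARKER + b"\x00" * 8
OVERSIZED_REQUEST = b"A" * 300 + MARKER + b"\x00" * 8
UNRELATED_PAYLOAD = b"GET / HTTP/1.1\r\n\r\n"


if __name__ == "__main__":
    for name, data in [("benign", BENIGN_REQUEST),
                       ("oversized", OVERSIZED_REQUEST),
                       ("unrelated", UNRELATED_PAYLOAD)]:
        v = inspect_payload(data)
        print(f"{name:10s} marker={v.has_marker} prefix={v.prefix_len} "
              f"suffix={v.suffix_len} suspicious={v.suspicious} ({v.reason})")
```

In practice you would feed `inspect_payload` the reassembled payload of each connection to the DiskSavvy server port from a packet capture or an IDS hook; the run-length check catches the filler patterns typical of crash reproduction traffic even when the length thresholds are set generously.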