A funny little quote from one of the Vulnerability Development lists I’m on. The poster was talking about doing a remote exploitation of a web server:
So, I am basically thinking, I overflow EIP with an address that JMPs -260 to the beginning of the Authorization header. The Authorization header then contains my Stage1 shellcode that starts searching down the stack for my Stage2 shellcode, which it will find about 2k down the stack in the GET request…
I hope somebody understands what the hell I am talking about…
Yep, I feel that way sometimes too. :)