sql slammer

stack before calling getprocaddr func with sendto string

-5Ch

first push eax stack space; loop loc_8b

8 -60 h; loop 18h times to push 24 1010101h onto stack

loc_42CFB58E

call ds:sprintf (buf overflow happens)

ssnetlib call sub_42CFB392

call to the func containing stack smashing vulnerability

jz loc_105

if match, directly call getprocaddr; if not, alternate IAT

order for worm to setup stack frame

kernel32, GetTickCount, ws2_32, socket, sendto

mov esi, 42AE1018h ; next lea

locate LLA from IAT of sqlsort; ws2_32

return of get tick count

seed of PRNG (stack at -40h)

xor ecx, 9B040103h; xor ecx, 1010101h

set ecx to 9A050002h --> port 1434 / AF_INET

what is sql slammer

worm exploits a stack buffer overflow vuln in a pair of funcs offered by the SQL Resolution Service; SQL Server performs an unsafe string copy --> buffer overflow
