SEH Exploitation Tutorial
My first video tutorial for securitytube.net. Tools used are MRI Ruby 1.9.2 from source, nasm, memdump, msfpesearch, Olly, the sseh plug-in for Olly, WinDbg, the jutsu component of the byakugan WinDbg plug-in (can be found in msf3/external/source), and warftpd 1.6.5. Operating systems are Ubuntu Natty for the host and XP SP3 in a VirtualBox VM for the client.

The exploit is reproduced as a push esp, ret (the way Metasploit does it). It is then rewritten to work as an SEH exploit. If you need the details of pattern offset, pattern create, msfpayload, msfencode, and banned characters, review the previous videos by Vivek. If you are using Immdbg, the Olly plug-in should still work. Immdbg is Ollydbg + Python and some other customisations.

The original video is available if it gets blurry during the Vimeo re-encode. I recorded at 1440x900 ogv and uploaded at 1280x720 mp4 (720p at 30fps with 2-pass encoding, and still pretty sharp before the upload).