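Following on from the previous analysis article: when crashing the program, sending 5000 A's triggers SEH, so here I try the SEH + Egghunter combination to exploit Vulnserver LTER.
This one is fairly complex, so I will fill in the details later!!!
References: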
1. https://epi052.gitlab.io/notes-to-self/blog/2020-05-25-osce-exam-practice-part-nine/
2. https://www.ins1gn1a.com/automated-egghunter-and-shellcode-carving-with-woollymammoth
3. https://keramas.github.io/2018/10/14/non-alphanumeric-characters-in-my.html
4. https://h0mbre.github.io/LTER_SEH_Success/#
5. https://www.pyt3ra.com/2020/05/seh-based-buffer-overflow-with.html