Metasploit mailing list archives
MSF and Windows SP3 (solved)
From: security at vahle.de (Thomas Werth)
Date: Tue, 03 Jun 2008 08:38:26 +0200
Dear List,

so finally I've found the problem. All staged payloads fail. Can someone give a hint why this can happen?

The program has a subfunc which receives network traffic into a large buffer. Within that, another subfunc is called which uses strcopy to copy the received string into a smaller buffer. Now the exploit overwrites saved ebp and saved eip very stably. 256 bytes are present before these 8 bytes and 991 bytes after that. When choosing staged payloads, those fail after connection. Other ones work well. ESP is adjusted with add -3500.

I'd like to understand why staged ones fail and if I can patch the exploit so those will work, too.

Thx
Thomas

Thomas Werth wrote:

Dear List,

one more piece of information. The target program has been tested using vs2003 with the same exploit (ok, another ret address is used) and there it is working. Seems I've done something terribly wrong or msf3 payloads have problems exploiting msv2008 application.

regards
Thomas

Thomas Werth wrote:

Dear List,

I've further investigated what's going on. So I checked the program against xpsp2. Well, the same things occur here. A session is always created but the program terminates in the same second. So it seems not to be xpsp3 dependent. Windows Data Execution Prevention is disabled.

What is new compared to the previous test is that the test program is now built with the new visualc 2008 (buffer checks are disabled) and it is using those crt dlls. Can this cause the problems?

greetings
Thomas

_______________________________________________
http://spool.metasploit.com/mailman/listinfo/framework