MSF and Windows SP3 (solved)

[security at vahle.de (Thomas Werth)]

I'm using Backtrack 2 with active use of svn update .
Setting setg DisableStageEncoding 1 does the magic.
It now works stable.
Let me know if i can give you more info to get this fixed.

regards,
Thomas


mmiller at hick.org schrieb:
> Are you testing this using the latest bits in trunk?  If so, try doing
> 'setg DisableStageEncoding 1' and see if the problem still happens.  
>
> On Wed, Jun 04, 2008 at 10:47:12AM +0200, Thomas Werth wrote:
> > H D Moore schrieb:
> > > ESP is too close to EIP for the stagers to work properly. You will need to 
> > > add a 'StackAdjustment' => -3500 or similar in the Payload section of the 
> > > exploit module.
> > >
> > > On Wednesday 04 June 2008, Thomas Werth wrote:
> > > > Stack[00000F24]:0012EC84 db  84h ; ?  <---------- ESP
> > > > Stack[00000F24]:0012EC8C db    0  <--------- EIP
> > Well, i have already such a definition in payload object
> > 'Payload'        =>
> >          {
> >              'Space'    => 991,
> >              'BadChars' => "\x00",
> >              'StackAdjustment' => -3500,
> >           },
> >
> > Changing it to -7500 or 5000 or removing doesn't help either.
> > Any hints ?
> > _______________________________________________
> > http://spool.metasploit.com/mailman/listinfo/framework