Metasploit mailing list archives

another payload execution failure


From: security at vahle.de (Thomas Werth)
Date: Wed, 11 Jun 2008 15:35:39 +0200

dear list,

Once again I'm having problems getting a payload executed.

Currently I'm building an off-by-one buffer overflow example on Windows.
The test program receives a message from the net, and the handling subfunction has a typical off-by-one overflow. The least significant byte of the SFP is correctly manipulated and execution is passed to the attacker buffer when the calling function ends.
I've used a NOP sled for testing and it is left unmodified.

Now when replacing the NOP sled with a payload (staged, non-staged, bind, reverse, exec), every payload fails to execute properly. Some (exec) successfully call the WinExec and ExitProcess kernel functions but with no effect (I have a console app and tried executing calc or notepad). All bind, reverse and meterpreter payloads execute but fail after a large number of instructions. ESP - 3500 is used and that is executed correctly at the beginning of the payload.

Any hints what the problem could be?

regards,
Thomas
