Metasploit mailing list archives
No room for shellcode
From: hdm at metasploit.com (H D Moore)
Date: Sun, 03 May 2009 13:26:12 -0500
On Sun, 03 May 2009 13:19:44 -0500, DB Allen <allendb760 at googlemail.com> wrote:
Out of interest, has anyone ever seen an overflow fail when changing shellcode? As in, the buffer overflow doesn't even occur. I thought there may be a bad character in the shellcode, which was why it was not landing up in the stack properly, so generated new shellcode set to exclude the byte I thought could be causing problems, and the overflow didn't even occur. I was sending exactly the same data for the initial buffer, just different shellcode... It's irritated the hell outta me!
This happens pretty often, it's a pain to work through, but it's usually caused by either a badchar being missed, or the combination of two characters triggering some processing issue in the application. With FTP servers, the 0xFF byte is often treated as an escape, so you have to double each 0xFF so that it decodes properly. What protocol is this exploit using?

-HD
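
The 0xFF handling described in the reply above, as an added example that is not part of the original post or of Metasploit: a simplified Ruby model of Telnet IAC processing (RFC 854) on an FTP control channel, showing how the bytes an application sees can differ from the bytes on the wire. The function names and sample bytes are constructed for illustration, and which IAC sequences a real server consumes is an assumption that varies by implementation.

```ruby
# Telnet command bytes from RFC 854.
IAC  = 0xFF
WILL = 0xFB
DONT = 0xFE

# Constructed sample: "AB", 0xFF 0xFD, "CD", 0xFF, "AE".
SAMPLE = [0x41, 0x42, 0xFF, 0xFD, 0x43, 0x44, 0xFF, 0x41, 0x45].pack('C*')

# Simplified model (an assumption, not any specific server's code) of how a
# control-channel reader turns wire bytes into the bytes the application sees.
def iac_decode(wire)
  bytes = wire.bytes
  out = []
  i = 0
  while i < bytes.length
    nxt = bytes[i + 1]
    if bytes[i] != IAC
      out << bytes[i]
      i += 1
    elsif nxt.nil?
      i += 1            # dangling IAC at end of input is dropped
    elsif nxt == IAC
      out << IAC        # IAC IAC decodes to one literal 0xFF
      i += 2
    elsif (WILL..DONT).cover?(nxt)
      i += 3            # IAC WILL/WONT/DO/DONT <option> is consumed
    else
      i += 2            # any other two-byte IAC command is consumed
    end
  end
  out.pack('C*')
end

# Double every literal 0xFF so that iac_decode restores the original bytes.
def iac_escape(data)
  data.b.gsub("\xFF".b, "\xFF\xFF".b)
end

# Offset of the first byte where two strings differ, or nil if identical.
def first_divergence(expected, actual)
  a = expected.bytes
  b = actual.bytes
  (0...[a.length, b.length].max).find { |k| a[k] != b[k] }
end
```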