Vulnerability Development mailing list archives
Re: ms03-049 sp1a and sp0 now working.
From: sk <sk () scan-associates net>
Date: Mon, 17 Nov 2003 11:31:09 +0800
Hi Wirepair,

You don't need to determine the SP, just try to find a RET that matches both SPs, and create shellcode that doesn't contain anything between 0x80 and 0x9f. Having said that, some chars like 0x8d are allowed. It will work with both SPs.

But you may also prefer to implement the ASC shellcode as explained in Hack Proofing Your Network by Caezar.
sk

On Fri, 14 Nov 2003 12:03:25 -0800, wirepair <wirepair () roguemail net> wrote:

> Thanks to Dave Aitel for suggesting there is a difference between how sp1 and sp0 process unicode strings. Unfortunately this means you need to specify which SP level the remote host is. Does anyone know a way of requesting that an XP machine return a unicode string? Maybe this way I can read in the string and determine which sp level it's at and make my code automatically detect and use the correct formatting.
>
> Thanks,
> -wire
>
> http://sh0dan.org/files/0349.cpp
> http://sh0dan.org/files/0349.exe
Current thread:
- ms03-049 sp1a and sp0 now working. wirepair (Nov 14)
- Re: ms03-049 sp1a and sp0 now working. sk (Nov 16)