Vulnerability Development mailing list archives

Re: ms03-049 sp1a and sp0 now working.


From: sk <sk () scan-associates net>
Date: Mon, 17 Nov 2003 11:31:09 +0800

Hi Wirepair,

You don't need to determine the SP, just try to find a RET that matches both SPs, and create shellcode that doesn't contain anything between 0x80 and 0x9f. Having said that, some chars like 0x8d are allowed. It will work with both SPs.

But you may also prefer to implement the ASC shellcode as explained in Hack Proofing Your Network by Caezar.

sk

On Fri, 14 Nov 2003 12:03:25 -0800, wirepair <wirepair () roguemail net> wrote:

Thanks to Dave Aitel for suggesting there is a difference between how sp1 and sp0 process unicode strings. Unfortunately this means you need to specify which SP level the remote host is. Does anyone know a way of requesting an XP machine return a unicode string? Maybe this way I can read in the string and determine which sp level it's at and make my code automatically detect and use the correct formatting. Thanks,
-wire

http://sh0dan.org/files/0349.cpp
http://sh0dan.org/files/0349.exe