Metasploit mailing list archives
http get overflow
From: ninjatools at hush.com (ninjatools at hush.com)
Date: Wed, 29 Sep 2004 11:27:30 -0700
We've written a couple of http bugs, and I usually use the following technique. It isn't necessarily the cleanest, but it often works quite well. I usually use one of the amazing egghunt shellcodes written by matt miller (skape), for example: http://www.hick.org/~mmiller/shellcode/win32/egghunt_syscall.c

Sometimes you can get away with using a standard encoder, but it's often easier (and you have enough space) to just encode it with an alphanumeric encoder. Skylined's encoder (it's in metasploit) is very good, and an updated and improved version will be out in the next version of metasploit. Also, we should have support for encoding "extra" payloads, but right now I just hardcode the encoded egghunt into the exploit.

I then put the normal shellcode in an HTTP header, giving me plenty of room, and the egghunt finds it and executes it. I don't think the current metasploit really has a good example of this, but you might want to check the serv-u exploit where I did something similar.

-spoon

On Wed, 29 Sep 2004 07:09:53 -0700 Vlad902 <vlad902 at gmail.com> wrote:
> Write your own or depend on smaller shellcodes being encoded. Also look at msfencode rather than the online demonstration as that's a bit dated.
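A defender-side counterpart to the delivery pattern spoon describes above (an oversized request line or header carrying a long alphanumeric-encoded payload): this is an added example, not code from the original post or from Metasploit, and the thresholds and sample requests are constructed assumptions for illustration.

```python
import re
from typing import Dict, List

# Thresholds are assumptions for this example, not values from the post.
MAX_FIELD_LEN = 1024   # bytes; overflow triggers are normally far longer than real fields
MAX_ALNUM_RUN = 256    # alphanumeric-encoded payloads show up as long [A-Za-z0-9] runs

ALNUM_RUN = re.compile(rb"[A-Za-z0-9]{%d,}" % MAX_ALNUM_RUN)


def parse_request(raw: bytes) -> Dict[str, bytes]:
    """Split a raw HTTP/1.x request head into the request line and header fields.

    Header names are lower-cased; a repeated header keeps its last value.
    """
    head = raw.split(b"\r\n\r\n", 1)[0]
    lines = head.split(b"\r\n")
    fields: Dict[str, bytes] = {"request-line": lines[0]}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        if name:
            fields[name.strip().lower().decode("latin-1")] = value.strip()
    return fields


def suspicious_fields(raw: bytes) -> List[str]:
    """Return the names of fields that look like overflow or encoded-payload carriers.

    Flags a field when it is longer than MAX_FIELD_LEN or contains a run of
    MAX_ALNUM_RUN or more alphanumeric bytes. Legitimate long base64 tokens
    (e.g. some Authorization headers) can trip the run check, so treat hits
    as triage candidates rather than verdicts.
    """
    return [name for name, value in parse_request(raw).items()
            if len(value) > MAX_FIELD_LEN or ALNUM_RUN.search(value)]


# Constructed sample traffic: one ordinary request and one shaped like the
# pattern in the post (huge request line plus a long run in a custom header).
BENIGN = (b"GET /index.html HTTP/1.1\r\n"
          b"Host: example.test\r\n"
          b"User-Agent: curl/7.0\r\n\r\n")
SUSPECT = (b"GET /" + b"A" * 3000 + b" HTTP/1.1\r\n"
           b"Host: example.test\r\n"
           b"X-Data: " + b"K" * 400 + b"\r\n\r\n")

if __name__ == "__main__":
    print("benign:", suspicious_fields(BENIGN))     # []
    print("suspect:", suspicious_fields(SUSPECT))   # ['request-line', 'x-data']
```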