FW: Re[4]: wmf never worked on my default winxp ever (DEP)

[sandalwood at inMail24.com (sandalwood)]

Hello Tomas,

HAHA :)  Yeah this *IS* is vmware.  What rational human on this
planet would run windows on their *desktop* ?!?!!  "lol"
seriously i'm in tears laughing at the idea.

Yes, everything I talked about was in a vmware session.
VMware Workstation v5.5.1.19175 for Linux

I created a new machine, installed default winxp iso from my
http://msdn.microsoft.com/ account, and did my testing.  Clean fresh
virgin install, just like I said from the beginning (why don't people
believe?) and tested.  Added SP1, tested.  Added SP2, tested.  Et
cetera.  I did everything "right" and the results would be the same
for anyone who happened to be running on amd 64bit hardware (oops) and
also using the exploit when it was bmp instead of tiff (oops).

I don't come out and *say* that I'm running my machines in vmware
because it will just confuse people or create needless email banter
about possible differences between a vm and "real" machine.  Indeed
these machines are just as real as the box I'm typing on.  There is no
spoon.

also to the guy who said:
> Did you try clicking open instead of download?  I have a
> fully patches XP SP2 and it works.

there was no open option.  i outlined that in my other email.  it
works on your system because EITHER (1) you used the updated exploit
that wasn't bmp format, or (2) you don't have DEP enabled hardware
like amd64, or (3) you don't really have a default install.

thanks all; great software, great list :)


> > -----Original Message-----
> > From: Tomas L. Byrnes 
> > Sent: Wednesday, January 04, 2006 10:49 PM
> > To: 'sandalwood'
> > Subject: RE: Re[4]: [framework] wmf never worked on my 
> > default winxp ever (DEP)
> >
> > Haven't you heard of VMWare? 
> >
> > Virtual machines are the way to do research.
> >
> >
> >
> > > -----Original Message-----
> > > From: sandalwood [mailto:sandalwood at inMail24.com]
> > > Sent: Wednesday, January 04, 2006 5:08 PM
> > > To: framework at metasploit.com
> > > Subject: Re[4]: [framework] wmf never worked on my default 
> > winxp ever 
> > > (DEP)
> > >
> > > > Thanks again for the information, sounds like DEP and BMP acting 
> > > > inconsistently were the main culprits. If you disable DEP and can 
> > > > reproduce the problem with the latest exploit, please let us know.
> > >
> > > Sucks that you have to edit boot.ini and reboot just to kill DEP.
> > > Anyway I did so (/NoExecute=AlwaysOff) and now the new 
> > exploit works 
> > > perfectly. (it is a truly default install, after all)
> > >
> > > BTW, is DEP bypass possible in this exploit? ;) 
> > > (http://www.uninformed.org/?v=2&a=4&t=txt
> > >  "Bypassing Windows Hardware-enforced Data Execution Prevention")
> > >
> > > thanks again!

> > > --
> > > Best regards,
> > >  sandalwood                            
> > mailto:sandalwood at inMail24.com

-- 
Best regards,
 sandalwood                            mailto:sandalwood at inMail24.com



----------
* Zoner PhotoStudio 8 - Your Photos perfect, shared, organised! www.zoner.com/zps