Metasploit mailing list archives
strange problem with network enabled payloads
From: mmiller at hick.org (mmiller at hick.org)
Date: Mon, 15 May 2006 13:40:45 -0500
On Mon, May 15, 2006 at 11:27:30AM -0700, arahzone-msf at yahoo.com wrote:
Hi, I have created a simple program that listens on a socket and copies (strcpy) the received data to another buffer that is smaller than the buffer used in receive(). I am able to use payloads that don't use winsock such as "execute command" successfully, but all payloads that use Winsocks crash. I have debugged the complete process: the payload is copied correctly to the target buffer on the stack and the execution flow is redirected to the beginning of the payload. The problem is just after the Loadlibrary(ws_32). This call returns the correct address of ws_32.dll, but the next call contains an ADD [DS:EAX],AL and I have an access violation on this instruction. As the "execute command" payload works correctly and I am redirecting the execution flow exactly at the beginning of the payload, I really don't know what is going wrong.
This sounds like a payload truncation issue. This could be related to bad characters. Did you specify 0x00 as being a bad character for the exploit you're working with?
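To illustrate the truncation mmiller is pointing at, here is an added C example (not code from the thread or from Metasploit): it scans a constructed byte sequence for bad characters and shows how much of it a strcpy()-based copy actually transfers once the data contains a 0x00. The helper names, the sample bytes and the bad-character set are all constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: offset of the first byte of buf that is in the
 * bad-character set, or -1 if none. Exploit modules list such bytes so
 * the encoder can avoid them. */
long first_bad_char(const unsigned char *buf, size_t len,
                    const unsigned char *bad, size_t nbad)
{
    for (size_t i = 0; i < len; i++)
        for (size_t j = 0; j < nbad; j++)
            if (buf[i] == bad[j])
                return (long)i;
    return -1;
}

/* Mimics the receiver in the thread: the received bytes are moved with
 * strcpy(), which stops at the first NUL. dst is zero-filled first and
 * the copy is bounded so this demo itself cannot overflow.
 * Returns the number of bytes strcpy() actually transferred. */
size_t simulate_strcpy(const unsigned char *src, size_t len,
                       unsigned char *dst, size_t dstlen)
{
    char tmp[256];
    if (len >= sizeof tmp || dstlen < len + 1)
        return 0;
    memcpy(tmp, src, len);
    tmp[len] = '\0';
    memset(dst, 0, dstlen);
    strcpy((char *)dst, tmp);
    return strlen((char *)dst);
}

int main(void)
{
    /* Constructed sample data, not real shellcode: a 0x00 at offset 3. */
    static const unsigned char sample[] = {0x41, 0x42, 0x43, 0x00, 0x44, 0x45};
    static const unsigned char bad[] = {0x00};
    unsigned char dst[32];

    long off = first_bad_char(sample, sizeof sample, bad, sizeof bad);
    size_t copied = simulate_strcpy(sample, sizeof sample, dst, sizeof dst);
    printf("first bad char at offset %ld, strcpy transferred %zu of %zu bytes\n",
           off, copied, sizeof sample);
    /* Everything from dst[copied] on is whatever was already there. If that
     * memory is zero, it decodes as 00 00 = ADD [EAX],AL, the instruction
     * the original poster faulted on. */
    printf("bytes at truncation point: %02x %02x\n", dst[copied], dst[copied + 1]);
    return 0;
}
```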