strange problem whith network enabled payloads

[mmiller at hick.org (mmiller at hick.org)]

On Mon, May 15, 2006 at 11:27:30AM -0700, arahzone-msf at yahoo.com wrote:
> Hi,
>    
>   I have created a simple program that listen on a socket and
> copy(strcpy) the received data to another buffer that is smaller than
> the buffer used in receive() . I am able to use payloads that dont use
> winsock such as "execute command" sucessfully but all payloads that use
> Winsocks crash. I have debugged the complete process the payload is
> copied correctly to the target buffer on the stack and the execution
> flow is redirected to the begining of the payload. The problem is just
> after the Loadlibrary(ws_32). this call return the correct address of
> ws_32.dll but the next call contain a ADD [DS:EAX],AL and I have an
> acess violation on this instruction. As the "execute command"  payload
> works correctly and I am redirecting the execution flow exactly at the
> begining of the payload I really dont know what is going wrong. 

This sounds like a payload truncation issue.  This could be related to
bad characters.  Did you specify 0x00 as being a bad character for the
exploit you're working with?