Metasploit mailing list archives
strange problem with network enabled payloads
From: arahzone-msf at yahoo.com (arahzone-msf at yahoo.com)
Date: Mon, 15 May 2006 11:54:38 -0700 (PDT)
Thank you very much, I think that it's the solution. I have played with esp and ebp a little bit in olly and the program goes a little further. I will test it and let you know. Thanks

H D Moore <hdm at metasploit.com> wrote:

It sounds like your stack pointer is too close to EIP. Try prepending the following bytes before your payload: "\x81\xc4\x54\xf2\xff\xff" (add esp, -3500)

-HD

On Monday 15 May 2006 13:27, arahzone-msf at yahoo.com wrote:
I have created a simple program that listens on a socket and copies (strcpy) the received data to another buffer that is smaller than the buffer used in receive(). I am able to use payloads that don't use winsock, such as "execute command", successfully, but all payloads that use Winsock crash. I have debugged the complete process: the payload is copied correctly to the target buffer on the stack and the execution flow is redirected to the beginning of the payload. The problem is just after the Loadlibrary(ws_32). This call returns the correct address of ws_32.dll, but the next call contains an ADD [DS:EAX],AL and I have an access violation on this instruction. As the "execute command" payload works correctly and I am redirecting the execution flow exactly at the beginning of the payload, I really don't know what is going wrong. Is there anyone who could tell me what the problem is? I should add that I am using msweb to generate and encode the payload, but I use my own python script to send it to the vulnerable program. Is there any register initialization that should be done before executing these payloads? Last thing to say is that my own download and execute payload works.
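The defect the original question describes, an unbounded strcpy from the recv() buffer into a smaller stack buffer, shown beside a bounded handler that rejects oversized input. This is an added illustration, not the poster's program; the buffer sizes, function names and sample inputs are constructed for the example.

```c
#include <stdio.h>
#include <string.h>

#define RECV_BUF 1024   /* size of the buffer handed to recv() (assumed) */
#define COPY_BUF 64     /* the smaller destination buffer on the stack (assumed) */

/* Pattern from the post: strcpy from the receive buffer into a smaller stack
 * buffer with no length check. Any message of COPY_BUF bytes or more overwrites
 * whatever sits above `small` on the stack, including the saved return address.
 * Kept only to show the defect; never feed it untrusted input. */
int handle_unsafe(const char *recvbuf)
{
    char small[COPY_BUF];
    strcpy(small, recvbuf);            /* no bound: this is the bug */
    return (int)strlen(small);
}

/* Hardened handler: treat the received data as a length-delimited byte string,
 * refuse anything that does not fit (rather than silently truncating), and
 * always NUL-terminate before treating it as a C string. */
int handle_safe(const char *recvbuf, size_t received)
{
    char small[COPY_BUF];
    if (received >= sizeof small)      /* keep one byte for the terminator */
        return -1;                     /* reject oversized message */
    memcpy(small, recvbuf, received);
    small[received] = '\0';
    return (int)strlen(small);
}

/* Constructed stand-in for an oversized message returned by recv(). */
int demo_oversized(void)
{
    char recvbuf[RECV_BUF];
    size_t n = 200;                    /* longer than COPY_BUF */
    memset(recvbuf, 'A', n);
    recvbuf[n] = '\0';
    return handle_safe(recvbuf, n);    /* -1: rejected, stack untouched */
}

/* Constructed stand-in for a message that fits. */
int demo_small(void)
{
    return handle_safe("0123456789", 10);   /* 10 */
}

int main(void)
{
    printf("oversized -> %d, small -> %d\n", demo_oversized(), demo_small());
    return 0;
}
```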