Metasploit mailing list archives

Exploit development issues


From: thegnome at nmrc.org (Simple Nomad)
Date: Tue, 11 Apr 2006 09:10:43 -0500

On Tuesday 11 April 2006 06:43, curious one wrote:
Hi List,

Getting back on track by disabling VA space randomization, I began with the
vulnerable sample program provided with the SDK. But the same story: I get an
error (bad address) and it exits. So in order to keep up my spirits I took the
following program from
http://www.zone-h.org/files/32/remote_exploits.html and started with the
exploitation process. Strangely, I could not get an
offset by using patternOffset.pl. So I started the trusted method of
piping the evil buffer over NC. I generated the shellcode using Metasploit and I
was relatively successful in that. That is to say, I was able to overwrite
EIP with the correct return address. Now the issue came when the last two bytes
of the shellcode started producing segfaults. Can someone have a look and tell
me where I am going wrong?

This is probably exec-shield, put in place to prevent this kind of trickery.
Try the following as root:

echo "0" > /proc/sys/kernel/exec-shield
echo "0" > /proc/sys/kernel/exec-shield-randomize

I'd seriously recommend picking up some books as well, like Gray Hat Hacking
or Hacking: The Art of Exploitation, plus a book on Assembler. You're off to a
decent start, but truthfully this is not the best forum for this type of
discussion.

-SN
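The two echo commands in the reply, worked into a small POSIX shell script. This is an added example, not code posted by either participant: it reports the state of the two exec-shield knobs named above plus kernel.randomize_va_space (the mainline ASLR control the original poster was switching off), turns them off when run as root with --apply, and offers a two-run check that tells you whether the stack address you observed will still hold on the next run. The knob names and the /proc/sys/kernel path are the real ones; the --apply flag, the function names and the stand-in directory parameter are my own choices.

```shell
#!/bin/sh
# Added example for this thread, not code posted by either participant.
# Inspect, and with --apply disable, the kernel knobs that get in the way of
# a classic stack-smashing exercise: the two exec-shield files named in the
# reply and kernel.randomize_va_space, the mainline ASLR switch the original
# poster was turning off. Every helper takes the sysctl directory as its
# first argument so the logic can be exercised against a stand-in directory;
# on a live system that directory is /proc/sys/kernel.

KNOBS="exec-shield exec-shield-randomize randomize_va_space"

# knob_value DIR NAME: print the knob's current value, or "absent" when this
# kernel does not expose it (non-Red Hat kernels have no exec-shield files).
knob_value() {
    if [ -r "$1/$2" ]; then
        cat "$1/$2"
    else
        echo absent
    fi
}

# protections_off DIR: succeed only if every knob that exists reads 0.
# Absent knobs are skipped: a missing exec-shield file means the feature is
# not compiled into this kernel, not that it is enabled.
protections_off() {
    for knob in $KNOBS; do
        v=$(knob_value "$1" "$knob")
        if [ "$v" != absent ] && [ "$v" != 0 ]; then
            return 1
        fi
    done
    return 0
}

# disable_protections DIR: write 0 into each knob that exists and is writable.
# Writing to /proc/sys needs root and does not survive a reboot.
disable_protections() {
    for knob in $KNOBS; do
        if [ -w "$1/$knob" ]; then
            echo 0 > "$1/$knob"
        fi
    done
}

# address_stable CMD...: run CMD twice and succeed if its output is identical.
# Point it at a tiny program that prints the address of a stack buffer; if
# the two runs differ, randomization is still in effect and a return address
# computed from one run will not be valid in the next.
address_stable() {
    first=$("$@")
    second=$("$@")
    [ "$first" = "$second" ]
}

SYSCTL_DIR=/proc/sys/kernel
if [ "${1:-}" = --apply ]; then
    disable_protections "$SYSCTL_DIR"
fi
for knob in $KNOBS; do
    echo "$knob: $(knob_value "$SYSCTL_DIR" "$knob")"
done
if protections_off "$SYSCTL_DIR"; then
    echo "exec-shield/ASLR knobs are off (or not present on this kernel)"
else
    echo "protection still on; rerun as root with --apply"
fi
```

Two caveats a practitioner will want alongside the reply's advice. The exec-shield files exist only on kernels carrying Red Hat's patch; on other kernels the knob is kernel.randomize_va_space, and a non-executable stack can still come from the binary's own PT_GNU_STACK marking (build the target with gcc -z execstack for a lab exercise). And if you would rather not change system-wide settings, util-linux's setarch can drop randomization for a single process, e.g. setarch "$(uname -m)" -R ./vuln, so that the address printed by one run is the one the next run uses.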