Metasploit mailing list archives
Exploit development issues
From: thegnome at nmrc.org (Simple Nomad)
Date: Tue, 11 Apr 2006 09:10:43 -0500
On Tuesday 11 April 2006 06:43, curious one wrote:
Hi List, Getting back on track by disabling VA space randomization, I began with the vulnerable sample program provided with the SDK. But the same story: I get an error (bad address) and it exits. So, in order to keep up my spirit, I took the following program from http://www.zone-h.org/files/32/remote_exploits.htm and started with the exploitation process. Strangely, I could not get an offset by using patternOffset.pl. So I started the trusted method of piping the evil buffer over NC. I generated the shellcode using Metasploit and was relatively successful in that. That is to say, I was able to overwrite EIP with the correct return address. Now the issue came when the last two bytes of shellcode started producing segfaults. Can someone have a look and tell me where I am going wrong?
This is probably exec-shield, put in place to prevent this kind of trickery. Try the following as root:

echo "0" > /proc/sys/kernel/exec-shield
echo "0" > /proc/sys/kernel/exec-shield-randomize

I'd seriously recommend picking up some books as well, like Gray Hat Hacking or Hacking: The Art of Exploration, plus a book on Assembler. You're off to a decent start, but truthfully this is not the best forum for this type of discussion.

-SN
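The reply above points at two kernel sysctls. The following audit script is an added example, not part of the original thread or of Metasploit: it reports whether the controls the reply names (exec-shield, exec-shield-randomize) and the mainline equivalent (randomize_va_space, which is what non-Red Hat kernels expose instead of the exec-shield patch) are enabled, so an administrator can confirm the mitigations are on rather than off. The proc directory is a parameter so the check can be exercised against a constructed directory; the interpretation of 0 as "disabled" matches the reply's use of the sysctls.

```shell
#!/bin/sh
# Added example (not from the original thread): audit the kernel-level
# exploit mitigations referred to in the reply. exec-shield and
# exec-shield-randomize are legacy Red Hat/Fedora sysctls; mainline kernels
# expose ASLR as randomize_va_space instead, so all three are checked and
# absent files are reported rather than treated as errors.

# read_sysctl DIR NAME -> prints the file's value with whitespace stripped,
# or "absent" when the kernel does not provide that control.
read_sysctl() {
    f="$1/$2"
    if [ -r "$f" ]; then
        tr -d '[:space:]' < "$f"
    else
        printf 'absent'
    fi
}

# mitigation_status DIR -> prints one line per control.
# Returns 0 when every control that exists is enabled (non-zero value),
# 1 when at least one existing control has been set to 0.
mitigation_status() {
    dir="$1"
    rc=0
    for name in exec-shield exec-shield-randomize randomize_va_space; do
        v=$(read_sysctl "$dir" "$name")
        case "$v" in
            absent) state="not present on this kernel" ;;
            0)      state="DISABLED"; rc=1 ;;
            *)      state="enabled ($v)" ;;
        esac
        printf '%-24s %s\n' "$name" "$state"
    done
    return $rc
}

# Stand-alone usage: audit the running kernel. The directory is the real
# sysctl location; the warning fires if any present control is off.
mitigation_status /proc/sys/kernel \
    || printf 'WARNING: at least one exploit mitigation is disabled\n'
```

Run it as an unprivileged user; reading these sysctls needs no root. A non-zero exit from mitigation_status is the signal a configuration-drift check would alert on, since the reply's two echo commands are exactly the change that produces it.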