Metasploit mailing list archives
Exploit development issues
From: 0x0804 at gmail.com (curious one)
Date: Tue, 11 Apr 2006 18:27:43 +0400
Hi SN,

I got it with echo 0 > /proc/sys/kernel/randomize_va_space . Anyway the topic is off the list. Thanks a lot guys for all the help.

Cheers

On 4/11/06, Simple Nomad <thegnome at nmrc.org> wrote:

On Tuesday 11 April 2006 06:43, curious one wrote:

Hi List,

Getting back on track by disabling VA space randomization, I began with the vulnerable sample program provided with the SDK. But the same story, I get an error (bad address) and it exits. So in order to keep up my spirit I took the following program from http://www.zone-h.org/files/32/remote_exploits.htm and started with the exploitation process. Strangely, I could not get an offset by using patternOffset.pl. So I started the trusted method of piping the evil buffer over NC. Generated the shellcode using metasploit and I was relatively successful in that. That is to say, I was able to overwrite eip with the correct return address. Now the issue came when the last two bytes of shellcode started producing segfaults. Can someone have a look and tell me what I am doing wrong?

This is probably exec-shield, put in place to prevent this kind of trickery. Try the following as root:

echo "0" > /proc/sys/kernel/exec-shield
echo "0" > /proc/sys/kernel/exec-shield-randomize

I'd seriously recommend picking up some books as well, like Gray Hat Hacking or Hacking: The Art of Exploration, plus a book on Assembler. You're off to a decent start, but truthfully this is not the best forum for this type of discussion.

-SN
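The thread switches off three kernel knobs (randomize_va_space, exec-shield, exec-shield-randomize) to make a test box exploitable. As an added example, not part of the thread, here is a POSIX sh audit that reports whether each knob is still at its protective value, so a hardening check can catch a machine left in that state; the sysctl directory is taken as an argument (my assumption, so it can be pointed at a constructed directory) and defaults to /proc/sys/kernel.

```shell
#!/bin/sh
# Added example: audit the ASLR / exec-shield sysctls the thread toggles.
# Usage: sh audit.sh --run [/proc/sys/kernel]

# Print a knob's value, or "absent" when the file does not exist
# (exec-shield only exists on kernels carrying the Red Hat patch).
read_knob() {
    f="$1/$2"
    if [ -r "$f" ]; then cat "$f"; else echo absent; fi
}

# randomize_va_space: 2 = stack, mmap and brk randomized (full ASLR),
# 1 = stack and mmap only, 0 = none (what the thread sets). Returns 0 only for 2.
aslr_status() {
    v=$(read_knob "$1" randomize_va_space)
    case "$v" in
        2) echo "randomize_va_space=2 (full ASLR)"; return 0 ;;
        1) echo "randomize_va_space=1 (brk not randomized)"; return 1 ;;
        0) echo "randomize_va_space=0 (ASLR DISABLED)"; return 1 ;;
        *) echo "randomize_va_space=$v (unknown or absent)"; return 1 ;;
    esac
}

# exec-shield knobs: 0 disables the protection; any other value keeps it.
# "absent" means the kernel has no such knob, which is not itself a finding.
execshield_status() {
    bad=0
    for k in exec-shield exec-shield-randomize; do
        v=$(read_knob "$1" "$k")
        case "$v" in
            0) echo "$k=0 (DISABLED)"; bad=1 ;;
            absent) echo "$k absent (kernel without exec-shield)" ;;
            *) echo "$k=$v (enabled)" ;;
        esac
    done
    return "$bad"
}

# Run both checks; exit status 1 if any knob is at a weakened setting.
audit() {
    dir="${1:-/proc/sys/kernel}"
    rc=0
    aslr_status "$dir" || rc=1
    execshield_status "$dir" || rc=1
    return "$rc"
}

if [ "${1:-}" = "--run" ]; then audit "${2:-}"; fi
```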
Current thread:
- Exploit development issues curious one (Apr 11)
- Exploit development issues H D Moore (Apr 11)
- Exploit development issues H D Moore (Apr 11)
- Exploit development issues Simple Nomad (Apr 11)
- Exploit development issues curious one (Apr 11)
- Exploit development issues H D Moore (Apr 11)