Exploit development issues

[0x0804 at gmail.com (curious one)]

Hi SN,

I got it with echo 0 > /proc/sys/kernel/randomize_va_space .

Anyway the topic is off the list. Thanks a lot guys for all the help.

Cheers

On 4/11/06, Simple Nomad <thegnome at nmrc.org> wrote:
> On Tuesday 11 April 2006 06:43, curious one wrote:
> > Hi List,
> >
> > Getting back on track by disabling VA space randomization, I begun with
> > vulnerable sample program provided with SDK. But the same story, i get
> an
> > error (bad address) and exits. So in order to keep up my spirit I took
> the
> > following program from
> > http://www.zone-h.org/files/32/remote_exploits.htmand started with the
> > exploitation process. Strangely, I could not get an
> > offset by using patternOffset.pl . So I started the trusted method of
> > piping evil buffer over NC. Generated the shellcode using metasploit and
> I
> > was relatively sucessful in that. That is to say, I was able toover
> write
> > eip with correct return address. Now the issue came when teh last two
> bytes
> > of shellcode stated producing segfaults. Can someone have a look and
> tell
> > me where am I doing wrong?
>
> This is probably exec-shield, put in place to prevent this kind of
> trickery.
> Try the following as root:
>
> echo "0" > /proc/sys/kernel/exec-shield
> echo "0" > /proc/sys/kernel/exec-shield-randomize
>
> I'd seriously recommend picking up some books as well, like Gray Hat
> Hacking
> or Hacking: The Art of Exploration, plus a book on Assembler. You're off
> to a
> decent start, but truthfully this is not the best forum for this type of
> discussion.
>
> -SN
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.metasploit.com/pipermail/framework/attachments/20060411/e57f6ea4/attachment.htm>