Metasploit mailing list archives
XMPlayer PLS Buffer Overflow Module
From: glinares.code at gmail.com (Greg Linares)
Date: Tue, 28 Nov 2006 20:58:10 -0700
Hate to double post, but that tool Jerome mentioned is called EEReap from eEye. If no one grabs a universal address by tomorrow I'll probably dive in and try for it :)

On 11/28/06, Greg Linares <glinares.code at gmail.com> wrote:
> The DLLs were packed with some sort of packer; msfpescan said peTITE, but they didn't decompress right. Jerome suggested using a tool eEye makes that gets addresses from files in memory, so compression isn't a problem. I just haven't had a whole lot of time to work on that meta file because I was working on 2 more exploits. If someone does come up with a universal address in the .dlls, feel free to modify my Ruby file accordingly. I tried to include as much as I could.
>
> On 11/28/06, Nicob <nicob at nicob.net> wrote:
>> On Monday 27 November 2006 at 15:09 -0700, Greg Linares wrote:
>>> [ 'Windows 2000 Pro English SP4', { 'Ret' => 0x77e14c29 } ],
>>> [ 'Windows XP Pro SP2 English', { 'Ret' => 0x77db41bc } ],
>>> [ 'Windows 2003 SP0 and SP1 English', { 'Ret' => 0x77d74adc } ],
>>> [ 'Windows XP Pro SP2 French', { 'Ret' => 0x77d8519f } ],
>>> [ 'Windows XP Pro SP2 German', { 'Ret' => 0x77d873a0 } ],
>>> [snip]
>>
>> Woo, a lot of targets. There's no DLL installed with XMPlay which could be used as a more universal return address?
>>
>> Nicob