Metasploit mailing list archives

Problem in writing exploits


From: glorfind3l at gmail.com (Cristiano de Nunno)
Date: Tue, 10 Oct 2006 17:44:51 +0200

Hello to everybody.

I followed the tutorial on writing exploits shown in this page:

http://metasploit.com/projects/Framework/documentation.html

(Exploit Module Tutorial (English))

But I actually couldn't exploit the server.
I admit I'm a total noob and that's why I'm looking for help here.
I'll explain in a few words the problem I have.

I used the vuln1_*.pm included in the framework documentation, and I
calculated the offset with the patternOffset application included, and that is
ok. The problem is the ESP reg value. The tutorial tells me to pull out this
value with gdb, write it in the exploit pm file and increase it a bit;
the problem is that each time I run the exploitable server the esp reg value
changes, and that way the exploit doesn't work. My server crashes with
segmentation fault, but no payload is executed.
I set up the msfconsole in the right way, with the right addresses and port; I
think the problem is in that esp reg value.

I saw that a lot of exploits use one hex value which works on all machines; how
is this possible if it changes each time the vulnerable program runs?
I read about Windows programs and their fixed call value to overwrite the eip
reg, and I understand that, but under Unix how can I do something similar?

Thanks to everyone :)
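As an added illustration (not part of the original post or the Metasploit tutorial), this Linux-only script shows the behaviour the poster describes: the base of the stack mapping is sampled from /proc/self/maps in several fresh processes and compared with the kernel's randomize_va_space setting, so a defender can confirm that address-space randomization is in effect and that a stack address copied out of one debugger session will not be stable across runs. Function and variable names are my own.

```python
"""Added example: observe per-run stack relocation on Linux.

Each fresh process reports the base of its own [stack] mapping from
/proc/self/maps. When kernel address-space randomization is on
(randomize_va_space = 1 or 2), the bases differ from run to run, which is
why a stack address noted in gdb does not hold for the next run.
Linux-only; the helpers return None where /proc is unavailable.
"""
import subprocess
import sys

# Code run inside each child: print the start address of its [stack] mapping.
_CHILD = (
    "import sys;"
    "m=[l for l in open('/proc/self/maps') if l.rstrip().endswith('[stack]')];"
    "sys.stdout.write(m[0].split('-')[0] if m else '')"
)


def stack_base_samples(runs=5):
    """Spawn `runs` fresh interpreters and collect each one's stack base.

    Returns a list of ints, or None if /proc/self/maps is not readable here.
    """
    samples = []
    for _ in range(runs):
        out = subprocess.run([sys.executable, "-c", _CHILD],
                             capture_output=True, text=True)
        if out.returncode != 0 or not out.stdout.strip():
            return None
        samples.append(int(out.stdout.strip(), 16))
    return samples


def kernel_randomization_level():
    """Read /proc/sys/kernel/randomize_va_space: 0 off, 1 stack/mmap, 2 also brk.

    Returns None on systems without that sysctl.
    """
    try:
        with open("/proc/sys/kernel/randomize_va_space") as fh:
            return int(fh.read().strip())
    except (OSError, ValueError):
        return None


def stack_is_randomized(samples):
    """True when the sampled stack bases are not all identical."""
    return len(set(samples)) > 1


if __name__ == "__main__":
    print("randomize_va_space =", kernel_randomization_level())
    bases = stack_base_samples()
    if bases is None:
        print("could not read /proc/self/maps (not Linux?)")
    else:
        print("stack bases:", ["0x%x" % b for b in bases])
        print("stack moves between runs:", stack_is_randomized(bases))
```

A level of 0 (or all samples identical) means the host has randomization disabled, which is the one situation in which a hard-coded stack address would repeat; that is a weakness to fix on the host, not something to rely on.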