Metasploit mailing list archives

Problem in writing exploits


From: thegnome at nmrc.org (Simple Nomad)
Date: Wed, 11 Oct 2006 10:49:53 -0500

On Wednesday 11 October 2006 10:00, Cristiano de Nunno wrote:
> I'm running Ubuntu Dapper, and I followed your advice using
>
> echo "0" > /proc/sys/kernel/randomize_va_space
>
> to disable stack randomization.
>
> Now if I check with gdb the esp reg value is always the same, but when I
> attempt to exploit the program with metasploit I get "Read: bad address"
> error and payloads don't work.
>
> What can I do?

Essentially you are asking someone else to do all of the heavy lifting. You 
are giving no details, and even if you did give details it will only spawn 
another email, and this could go on for weeks in email. I *seriously* 
recommend you read the books I suggested first. I've done some training in 
exploit writing basics before, and these books are what I recommend 
especially to someone starting out.

To quote myself from the previous email:

> However all of this is way beyond the list charter. I'd recommend a
> couple of books, such as "Gray Hat Hacking", "Hacking: The Art of
> Exploitation", and "The Shellcoder's Handbook".

Good luck, please read and try out all of the examples involving exploit 
writing in the books first.

-SN


