Metasploit mailing list archives
A Wee Bit of Help
From: jms at bughunter.ca (J. M. Seitz)
Date: Fri, 16 Mar 2007 13:06:33 -0800
Thanks for all your previous responses to my newb questions. Here is another :)

I have found an overflow, and when I pass in the input, say with a bunch of NOPs, I get:

    Can't execute instruction at: 0x90909090

Fine and dandy, it looks like that value is from EAX.

    eax=90909090 ebx=77c3f973 ecx=7ffffffe edx=03d044cf esi=03d041d4 edi=00429865
    eip=77c42a16 esp=03d0418c ebp=03d043f8 iopl=0         nv up ei pl nz na po nc
    cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00010202

Now, what I have done is, starting at the specified offset where it does the following:

    77c42a16 803800          cmp     byte ptr [eax],0           ds:0023:90909090=??

I fill that space with the address of where my shellcode is. When I run my "crapsploit" against it, the target process doesn't die anymore and I don't get "calc.exe" popping up. What am I doing wrong here? If I make that return address where my shellcode is a bunch of "A"s, then again the process crashes with the same error as before. By the process not dying, does it mean that it's running my shellcode, but not successfully?

Any help again (thanks HD and Matt for the love before) would be greatly appreciated....

JS