Metasploit mailing list archives
pattern_offset.rb
From: sonixxfx at gmail.com (Sonixxfx)
Date: Sun, 8 Apr 2007 13:14:11 +0200
Hi, I am following a tutorial that explains how to write an exploit for the war-ftp 1.65 vulnerability ( http://www.milw0rm.com/papers/142 ). I am using pattern_offset.rb to determine where in my string the ESP and EBP registers point, but I don't get any output. It works fine with EIP, and it shows that the return address is located at offset 485 on the stack. Can someone tell me why pattern_offset.rb does not work with the ESP and EBP registers in this case? I have attached a picture of OllyDbg for clarification. I have used a pattern of 1000 characters.

Thanks for the help.

Regards,
Ben

Attachment: ollydbg.bmp (image/bmp, 393334 bytes) <http://mail.metasploit.com/pipermail/framework/attachments/20070408/89bacc82/attachment.bin>
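The following is an added example, not code from the thread or from the Metasploit project. It is a minimal Ruby reimplementation of the logic behind pattern_create.rb and pattern_offset.rb (the same A-Z / a-z / 0-9 cyclic pattern, and the same little-endian handling of a hex register value), used to show the difference between a register that contains pattern bytes (EIP after the return address is overwritten) and a register that contains an address (ESP or EBP pointing at the stack). The 1000-byte pattern and the offset 485 come from the message above; the ESP value 0x0012fb18 and the stack contents at [ESP] are constructed for the example.

```ruby
# Added example: minimal reimplementation of the pattern_create / pattern_offset
# logic. Not the Metasploit code itself.

UPPER = ('A'..'Z').to_a
LOWER = ('a'..'z').to_a
DIGIT = ('0'..'9').to_a

# Build the cyclic "Aa0Aa1Aa2..." pattern of the requested length.
# Every 3-byte triplet (one char from each set) is unique within one cycle,
# so any 4 consecutive bytes identify a single offset.
def pattern_create(length)
  buf = +''
  UPPER.each do |u|
    LOWER.each do |l|
      DIGIT.each do |d|
        buf << u << l << d
        return buf[0, length] if buf.length >= length
      end
    end
  end
  buf[0, length] # only reached if more than 26*26*10*3 bytes were requested
end

# Accept either the literal bytes ("1Aq2") or the hex value a debugger shows
# for a 32-bit register ("0x32714131"). A hex value is unpacked little-endian,
# which is how x86 stores the dword that ended up in the register.
# Returns nil when those bytes do not occur in the pattern at all.
def pattern_offset(pattern, query)
  needle = if query =~ /\A0x[0-9a-f]{1,8}\z/i
             [query.to_i(16)].pack('V')
           else
             query
           end
  pattern.index(needle)
end

# Simulate what the debugger shows after the overflow (values constructed here).
def demo
  pattern = pattern_create(1000)

  # EIP was overwritten with the 4 pattern bytes at offset 485: "1Aq2".
  eip_hex = '0x%08x' % pattern[485, 4].unpack('V').first

  # ESP still holds a stack address, not bytes copied from the buffer, so its
  # value never appears in an alphanumeric pattern and the lookup returns nil.
  esp_hex = '0x0012fb18' # constructed

  # What is useful for ESP/EBP is the data they point at: the dword at [ESP].
  # Here the stack at [ESP] is assumed to hold the pattern bytes from offset 489.
  dword_at_esp = pattern[489, 4] # constructed: "Aq3A"

  {
    eip:       pattern_offset(pattern, eip_hex),       # 485
    esp:       pattern_offset(pattern, esp_hex),       # nil
    esp_deref: pattern_offset(pattern, dword_at_esp),  # 489
  }
end

if __FILE__ == $0
  demo.each { |reg, off| puts "#{reg}: #{off.inspect}" }
end
```

The practical check this encodes: pattern_offset.rb only answers "where in the pattern do these bytes occur". Feeding it a register that holds a pointer gives no output, because a stack address is never part of the pattern; the query for ESP or EBP is the dword at the address they point to (what OllyDbg shows in the stack pane or a memory dump at that address), which then yields the offset of the buffer data they land on.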
Current thread:
- pattern_offset.rb Sonixxfx (Apr 08)
- pattern_offset.rb Rhys Kidd (Apr 08)
- pattern_offset.rb Sonixxfx (Apr 08)
- pattern_offset.rb Rhys Kidd (Apr 08)