Metasploit mailing list archives
Any hints for this port (Zenworks sploit) ?
From: jerome.athias at free.fr (Jerome Athias)
Date: Thu, 23 Aug 2007 17:44:39 +0200
nowwhat at free.fr wrote:
Thanks q: Egghunting will probably be a good idea in the future, the problem for now is I can't execute s**t since I just randomly pop something I can't predict into EIP. The server just closes the connection when I spam it with my return address. It's probably ASCII related, although I'm not too sure how I could both write the return address and be ASCII compliant...

Are you sure that you have correctly retrieved badchars? ( http://en.wikibooks.org/wiki/Metasploit/WritingWindowsExploit#Dealing_with_badchars )
Using breakpoints in your debugger (and maybe Wireshark) should help you a lot...
Going further, please think about the nice encoders of the MSF ;-)

Good luck
/JA

PS: the Immunity debugger includes some useful functions to deal with egghunting and so...