Metasploit mailing list archives

need help porting exploit to win2k


From: jerome.athias at free.fr (Jerome Athias)
Date: Wed, 29 Aug 2007 15:27:32 +0200

hi Thomas,

you should try to search in USER32.DLL ;-)

https://www.securinfos.info/international-opcodes/OPcodes_LIST_Windows_2000_Server_SP4_USER32.DLL.html
0x77DF4C29

Good luck
/JA
SecurInfos.info

Thomas Werth wrote:
Dear List,

I'm trying to port a test exploit towards win2k sp4 german.
I'm looking for a jmp esp. I didn't find one in msf web opcode.
So I used msfpescan like this: msfpescan -j esp /mnt/hgfs/ntdll.dll and got:
[/mnt/hgfs/ntdll.dll]
0x778b5a22 push esp; ret
[/mnt/hgfs/KERNEL32.DLL]
0x77ea5570 push esp; retn 0xfffd
[/mnt/hgfs/ws2_32.dll]
0x74fa1dce push esp; ret

When using this as retVal the exploit fails and the target app crashes.
Am I doing something wrong?

thx
Thomas
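The msfpescan output quoted above is a raw byte search for sequences that transfer control to the address in ESP: FF E4 (jmp esp), FF D4 (call esp), 54 C3 (push esp; ret) and 54 C2 xx xx (push esp; retn imm16). The reply's point is that such addresses are specific to one OS build and locale, which is why a German SP4 box needs its own opcode listing. The following Python is an added illustration of that search, written for this note rather than taken from the thread or from Metasploit; it runs over a constructed stand-in for a code section (SAMPLE_CODE at a made-up SAMPLE_BASE), not a real DLL image, and the function name find_esp_gadgets is an assumption.

```python
import struct
from typing import List, Tuple

# Two-byte sequences that land EIP on the value held in ESP. "push esp; ret"
# is equivalent to "jmp esp": ret pops the just-pushed ESP value into EIP.
GADGET_PATTERNS = {
    b"\xff\xe4": "jmp esp",
    b"\xff\xd4": "call esp",
    b"\x54\xc3": "push esp; ret",
}


def find_esp_gadgets(data: bytes, image_base: int) -> List[Tuple[int, str]]:
    """Return (virtual_address, mnemonic) for every ESP-transfer sequence in data.

    Like msfpescan this is a linear byte scan with no knowledge of instruction
    boundaries, so a hit may sit inside the operand bytes of a longer
    instruction; a disassembler-aware pass would be needed to confirm it.
    image_base is the address at which byte 0 of data is mapped.
    """
    hits: List[Tuple[int, str]] = []
    for off in range(len(data) - 1):
        two = data[off:off + 2]
        if two in GADGET_PATTERNS:
            hits.append((image_base + off, GADGET_PATTERNS[two]))
        elif two == b"\x54\xc2" and off + 4 <= len(data):
            # push esp; retn imm16 -- after popping EIP the CPU adds imm16 to
            # ESP, so a large immediate such as 0xfffd leaves the stack
            # pointer far from where it was (the kernel32 hit in the thread).
            imm = struct.unpack_from("<H", data, off + 2)[0]
            hits.append((image_base + off, f"push esp; retn 0x{imm:04x}"))
    return hits


# Constructed stand-in for a module's code section (not a real DLL).
# Offsets are chosen so each gadget starts on a 0x10 boundary.
SAMPLE_BASE = 0x77E10000  # made-up image base
SAMPLE_CODE = (
    b"\x90" * 0x10               # 0x0000: filler
    + b"\x54\xc3"                # 0x0010: push esp; ret
    + b"\x90" * 0x0E             # 0x0012: filler
    + b"\xff\xe4"                # 0x0020: jmp esp
    + b"\x90" * 0x0E             # 0x0022: filler
    + b"\x54\xc2\xfd\xff"        # 0x0030: push esp; retn 0xfffd
    + b"\x90" * 0x0C             # 0x0034: filler
)

if __name__ == "__main__":
    for addr, mnemonic in find_esp_gadgets(SAMPLE_CODE, SAMPLE_BASE):
        print(f"0x{addr:08x} {mnemonic}")
```

Running the block prints the three constructed hits at 0x77e10010, 0x77e10020 and 0x77e10030. Rerunning it with a different SAMPLE_BASE shifts every address, which is the whole problem the thread is about: the same byte pattern lives at a different virtual address in each build of the DLL, so an address taken from one machine's ntdll or kernel32 cannot be assumed to hold on another. To apply this to a real file the raw file offset of each hit must first be mapped to a virtual address via the PE section headers, which msfpescan does for you and this sketch does not.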

