Metasploit mailing list archives

Microsoft SQL Server Distributed Management Objects OLE DLL


From: hdm at metasploit.com (H D Moore)
Date: Thu, 13 Sep 2007 23:24:33 -0500

Please don't repost the same message in the future. If you're trying to 
find the server length that triggers the overflow, try setting it to 
incrementing lengths and reloading it until it crashes. If you know that 
the string in question overwrites EIP, you can use the pattern_create() 
function to generate a string which will allow you to determine the 
offset based on the crash information. Considering how little information 
you provided in your email (about what you tried and what you are looking 
for), it's hard to say which method would work best for you.

Please keep email to the list plain-text only as well ;-)

-HD

On Thursday 13 September 2007 22:47, Manish Gupta wrote:
I am not able to find the server length so please help me.


