Metasploit mailing list archives

Executable Download and Execute - payload


From: opexoc at gmail.com (Jan Grzdyl)
Date: Sun, 16 Dec 2007 18:27:11 +0100

I am trying to exploit an app, and in my exploit I overwrite SEH; this
shellcode does not work for this exploit.

I am not 100% sure what you're saying here: do you mean that you can
successfully control EIP, but the shellcode doesn't execute?

If you are using the typical POP/POP/RET trampoline for your SEH
overwrite, then set a breakpoint on the address of the POP/POP/RET and
make sure that it's actually being hit.


Yes, I am using the typical POP/POP/RET trampoline for my SEH overwrite. Yes,
it is being hit. Afterwards, the shellcode is executed. Unfortunately, this
shellcode does not work in this situation. I suspect it could be caused by my
exploit overwriting SEH: when the shellcode throws an exception, it can't be
handled.

But I am not convinced that this shellcode really throws an exception, because
when I run such a program normally in the debugger:

/* Minimal harness: call the raw shellcode bytes directly from C. */
unsigned char scode[] =
"<Your shellcode>";

int main(void){
    /* Cast the byte array to a function pointer and call it. Note that scode
       lives in a writable data section, which is not executable when DEP/NX is
       enforced for the process; in that case the call itself faults. */
    ((void (*)()) scode)();
    return 0;
}

then there are no exceptions, but when I try to execute the program step by
step (F8 in Olly), an exception is thrown which can't be handled. It is very
weird.

best,
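Two things are worth checking before blaming the payload; this is an added note and example, not part of the original thread and not Metasploit code. First, after a POP/POP/RET trampoline the exception chain is still in the state the dispatcher left it: the overwritten registration record is still linked, and its next-pointer field now holds the nSEH bytes (the short jump) rather than a valid frame, so any exception the shellcode raises is dispatched back through a corrupt chain and cannot be handled normally, which matches the symptom described above. The usual remedy is a short prologue that points fs:[0] at a fresh, valid handler record before the payload proper runs. Second, the harness in the message keeps scode in the data section, which is not executable when DEP is on, so a fault there says nothing about the payload itself. The C below shows both halves: build_seh_overwrite() lays out the nSEH/SEH bytes of the classic 32-bit overwrite, and run_stub() runs a stub from freshly mapped executable memory with a vectored exception handler that reports every first-chance exception (Windows only; on POSIX it just maps and runs). The trampoline address is hypothetical and the sample stub is a constructed single "ret", not a payload.

```c
/* Added example, not code from the original post or the Metasploit project.
 * build_seh_overwrite() lays out the nSEH/SEH bytes of the classic 32-bit
 * POP/POP/RET overwrite; run_stub() runs a stub from freshly mapped executable
 * memory and, on Windows, reports every first-chance exception it raises. */
#include <stdio.h>
#include <string.h>
#include <stdint.h>
#ifdef _WIN32
#include <windows.h>
#else
#include <sys/mman.h>
#ifndef MAP_ANONYMOUS
#define MAP_ANONYMOUS 0x20   /* Linux value, for strict -std builds */
#endif
#endif
typedef struct {
    int ran;            /* 1 if the stub was called and returned normally */
    int exception;      /* Windows only: 1 if an exception fired while it ran */
    unsigned long code; /* Windows only: last exception code seen */
} run_result;
/* nSEH = "jmp short +6" plus two NOPs, SEH = little-endian trampoline address.
 * When POP/POP/RET returns into nSEH, the jmp skips the NOPs and the 4-byte
 * handler pointer, so execution continues at out[8], where the shellcode sits. */
void build_seh_overwrite(uint32_t ppr_addr, unsigned char out[8]) {
    out[0] = 0xEB; out[1] = 0x06;   /* jmp short $+8 */
    out[2] = 0x90; out[3] = 0x90;   /* nop nop */
    for (int i = 0; i < 4; i++)     /* handler pointer, little-endian */
        out[4 + i] = (unsigned char)(ppr_addr >> (8 * i));
}

#ifdef _WIN32
static volatile int g_fired; static volatile unsigned long g_code;
/* Vectored handlers run before any fs:[0] frame handler, so this sees every
 * first-chance exception, even one the stub's own handler later swallows.
 * It only records; an exception nobody handles still kills the process. */
static LONG CALLBACK report_exception(PEXCEPTION_POINTERS ep) {
    g_fired = 1;
    g_code = ep->ExceptionRecord->ExceptionCode;
    fprintf(stderr, "first-chance exception 0x%08lx at %p\n", g_code,
            ep->ExceptionRecord->ExceptionAddress);
    return EXCEPTION_CONTINUE_SEARCH;
}
#endif

/* Copy the stub into RWX memory and call it the way the post's harness calls
 * scode, but from memory that stays executable with DEP/NX enforced. */
run_result run_stub(const unsigned char *stub, size_t len) {
    run_result r = {0, 0, 0};
    void *mem;
    if (len == 0) return r;
#ifdef _WIN32
    mem = VirtualAlloc(NULL, len, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
    if (mem == NULL) return r;
    memcpy(mem, stub, len);
    FlushInstructionCache(GetCurrentProcess(), mem, len);
    g_fired = 0; g_code = 0;
    PVOID h = AddVectoredExceptionHandler(1, report_exception);
#else
    mem = mmap(NULL, len, PROT_READ | PROT_WRITE | PROT_EXEC,
               MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (mem == MAP_FAILED) return r;
    memcpy(mem, stub, len);
    __builtin___clear_cache((char *)mem, (char *)mem + len);
#endif
    ((void (*)(void))(uintptr_t)mem)();
    r.ran = 1;
#ifdef _WIN32
    if (h) RemoveVectoredExceptionHandler(h);
    r.exception = g_fired; r.code = g_code;
    VirtualFree(mem, 0, MEM_RELEASE);
#else
    munmap(mem, len);
#endif
    return r;
}

/* Constructed sample stub: a single "ret" for the host architecture. */
size_t sample_ret_stub(const unsigned char **out) {
#if defined(__i386__) || defined(__x86_64__) || defined(_M_IX86) || defined(_M_X64)
    static const unsigned char ret[] = { 0xC3 };
#elif defined(__aarch64__) || defined(_M_ARM64)
    static const unsigned char ret[] = { 0xC0, 0x03, 0x5F, 0xD6 };
#else
    static const unsigned char ret[] = { 0 };
    *out = ret; return 0;            /* unsupported architecture: do not run */
#endif
    *out = ret;
    return sizeof ret;
}

int main(void) {
    unsigned char rec[8]; const unsigned char *stub; run_result r;
    size_t len = sample_ret_stub(&stub);
    build_seh_overwrite(0x10011234u, rec);  /* hypothetical trampoline address */
    for (int i = 0; i < 8; i++) printf("%02x%s", rec[i], i == 7 ? "  <- nSEH | SEH\n" : " ");
    r = run_stub(stub, len);
    printf("ran=%d exception=%d code=0x%lx\n", r.ran, r.exception, r.code);
    return r.ran ? 0 : 1;
}
```

Replace the sample bytes with the payload under test and build with gcc (MinGW on Windows). A line of "ran=1 exception=0" means the bytes executed without raising anything; on Windows, a stub that does raise gets its exception code and faulting address printed by the vectored handler before the process goes down. That answers the "does it really throw" question outside the debugger, which matters because single-stepping changes how exceptions are delivered to the program.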