Metasploit mailing list archives

MSF and Windows SP3 (solved)

From: security at vahle.de (Thomas Werth)
Date: Wed, 04 Jun 2008 10:47:12 +0200

H D Moore schrieb:

ESP is too close to EIP for the stagers to work properly. You will need to 
add a 'StackAdjustment' => -3500 or similar in the Payload section of the 
exploit module.

On Wednesday 04 June 2008, Thomas Werth wrote:

Stack[00000F24]:0012EC84 db  84h ; ?  <---------- ESP
Stack[00000F24]:0012EC8C db    0  <--------- EIP


Well, i have already such a definition in payload object
'Payload'        =>
         {
             'Space'    => 991,
             'BadChars' => "\x00",
             'StackAdjustment' => -3500,
          },

Changing it to -7500 or 5000 or removing doesn't help either.
Any hints ?

Current thread:

MSF and Windows SP3 (Part 2) Thomas Werth (Jun 02)
- MSF and Windows SP3 (Part 2) Thomas Werth (Jun 02)
  - MSF and Windows SP3 (solved) Thomas Werth (Jun 02)
    - MSF and Windows SP3 (solved) mmiller at hick.org (Jun 03)
    - MSF and Windows SP3 (solved) Thomas Werth (Jun 03)
    - MSF and Windows SP3 (solved) H D Moore (Jun 04)
    - MSF and Windows SP3 (solved) Thomas Werth (Jun 04)
    - MSF and Windows SP3 (solved) H D Moore (Jun 04)
    - MSF and Windows SP3 (solved) mmiller at hick.org (Jun 04)
    - MSF and Windows SP3 (solved) Thomas Werth (Jun 04)
    - MSF and Windows SP3 (solved) mmiller at hick.org (Jun 05)
    - MSF and Windows SP3 (solved) Thomas Werth (Jun 05)
    - another payload execution failure Thomas Werth (Jun 11)
    - another payload execution failure H D Moore (Jun 11)
    - another payload execution failure Thomas Werth (Jun 11)
    - another payload execution failure Patrick Webster (Jun 11)
    - Message not available
    - another payload execution failure Thomas Werth (Jun 11)

(Thread continues...)