Metasploit mailing list archives
No room for shellcode
From: hdm at metasploit.com (H D Moore)
Date: Sun, 03 May 2009 15:35:31 -0500
On Sun, 03 May 2009 14:46:30 -0500, DB Allen <allendb760 at googlemail.com> wrote:
> It's FTP - I didn't know about 0xFF being treated as an escape, this server doesn't seem to like 0x0D either for whatever reasons - I tried generating new shellcode without 0xFF and 0x0D but this seemed to not cause an overflow - so then tried it with PexAlphaNum encoded shellcode - all the shellcode seems to get copied across this time but I don't get control of EIP, although an access violation still occurs further up in the stack.
Try using the BadChars from an existing FTP exploit:

    'BadChars' => "\x00\x7e\x2b\x26\x3d\x25\x3a\x22\x0a\x0d\x20\x2f\x5c\x2e",

0xFF may need to be doubled (in your exploit code, just use gsub to double it up), but more than likely not. 0x0a and 0x0d are the CRLF line terminators, so no surprise it's an issue.

-HD
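
Why 0xFF, 0x0D and 0x0A do not pass through an FTP control channel unchanged, as an added example that is not part of the original post or of Metasploit: RFC 959 runs the control connection over the Telnet protocol, so a server-side reader treats 0xFF as IAC and CR LF as the end of a command. The function name, the handling of a lone CR, and the sample bytes are assumptions made for illustration; real servers differ in detail.

```ruby
# Added example: Telnet-NVT style decoding of an FTP control stream,
# as seen from the server side. Names here are hypothetical.
IAC = 0xFF
NEGOTIATION = [0xFB, 0xFC, 0xFD, 0xFE].freeze # WILL, WONT, DO, DONT

# Returns [commands, leftover]: the decoded command lines (binary strings)
# and the decoded tail that has not been terminated by CR LF yet.
def decode_control_stream(raw)
  commands = []
  line = []
  bytes = raw.bytes
  i = 0
  while i < bytes.length
    b = bytes[i]
    if b == IAC
      nxt = bytes[i + 1]
      if nxt == IAC
        line << IAC # IAC IAC is the only way to carry a literal 0xFF
        i += 2
      elsif NEGOTIATION.include?(nxt)
        i += 3      # IAC + verb + option byte: consumed, never reaches the command
      else
        i += 2      # any other IAC command (or a truncated IAC): consumed
      end
    elsif b == 0x0D && bytes[i + 1] == 0x0A
      commands << line.pack('C*') # CR LF ends the command line
      line = []
      i += 2
    else
      line << b     # assumption: a lone CR or LF is kept as data here
      i += 1
    end
  end
  [commands, line.pack('C*')]
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample input, not captured traffic.
  sample = "USER a\xFF\xFFb\r\nUSER a\xFFbc\r\nUSER ab\r\ncd\r\n".b
  cmds, = decode_control_stream(sample)
  cmds.each { |c| puts c.inspect }
end
```

A single 0xFF swallows the byte after it, a doubled 0xFF arrives as one literal byte, and an embedded CR LF splits the data into two commands.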