Metasploit mailing list archives
Re: Small room for shellcode
From: danuxx () gmail com
Date: Fri, 29 Apr 2011 06:04:23 +0000
Thanks Patrick. You are right, I need to find a way to inject the shellcode in memory so that my egghunter can find it; actually I tried different ways but no luck yet. Thanks again.

Sent via BlackBerry from Danux Network

-----Original Message-----
From: Patrick Webster <patrick () aushack com>
Date: Fri, 29 Apr 2011 15:17:57
To: <danuxx () gmail com>
Cc: <framework () spool metasploit com>
Subject: Re: [framework] Small room for shellcode

Sometimes I find you can inject the payload with egg hunted tag first. It is read & discarded by the service, but is now in memory or a log file which is read in. Then you trigger the overflow and execute the egg hunter, which will find the payload. Try that. i.e.

    sock.put(payload.encoded)
    sock.put(trigger + hunter[0])

You could also try an omelette style egg hunter. Or look at the current CPU operations & registers when you hit the trigger - there might be some internal instructions you can jump to which aid in exploitation.

-Patrick

On Thu, Apr 28, 2011 at 5:44 PM, <danuxx () gmail com> wrote:
> After fuzzing a service I got a buffer overflow but only 50 bytes to play with. Certainly, I could insert an egghunter there but I have no more bytes in memory to play with. Thoughts?
>
> Sent via BlackBerry from Danux Network
>
> -----Original Message-----
> From: Demiri Asmir <demiri.asmir () googlemail com>
> Sender: framework-bounces () spool metasploit com
> Date: Wed, 27 Apr 2011 11:36:03
> To: John Nash <rootsecurityfreak () gmail com>
> Cc: <framework () spool metasploit com>
> Subject: Re: [framework] tutorials for beginners
>
> thank you
>
> 2011/4/27 John Nash <rootsecurityfreak () gmail com>:
> > If you like videos: http://www.securitytube.net/groups?operation=view&groupId=8
> >
> > On Wed, Apr 27, 2011 at 1:52 PM, Demiri Asmir <demiri.asmir () googlemail com> wrote:
> > > Does someone have good tutorials for beginners? In German maybe? thx
>
> _______________________________________________
> https://mail.metasploit.com/mailman/listinfo/framework
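Patrick's two-stage pattern (a tagged blob sent first so the service reads and discards it, then a short overflow trigger carrying the hunter) is also visible from the network side: the same source sends a doubled 4-byte tag followed by a payload, and shortly afterwards sends a shorter message that contains that tag once, because the hunter stub embeds it as an immediate. The following detector, added here as an example and not code from the thread or from Metasploit, scans constructed sample requests for exactly that sequence; the source addresses, tag "w00t", message contents and the 32-byte minimum payload size are all assumptions.

```python
import re
from collections import defaultdict

# Constructed sample traffic as (source address, raw request bytes); not real captures.
SAMPLE_TRAFFIC = [
    ("10.0.0.5", b"GET /index.html HTTP/1.0\r\n\r\n"),
    # Hypothetical stage 1: tagged blob sent first so the service reads and discards it.
    ("10.0.0.7", b"USER " + b"w00tw00t" + bytes(range(0x80, 0x100)) + b"\r\n"),
    ("10.0.0.9", b"PASS hunter2\r\n"),
    # Hypothetical stage 2: short overflow trigger; a hunter stub carries the tag once
    # as an immediate, so the same 4 bytes show up without being doubled.
    ("10.0.0.7", b"PASS " + b"A" * 40 + b"\x90" * 4 + b"w00t" + b"\r\n"),
    # Benign padding: a doubled 4-byte run made of one repeated byte is not a tag.
    ("10.0.0.11", b"USER " + b"A" * 64 + b"\r\n"),
]

# Two identical 4-byte groups back to back: the classic egg marker layout.
DOUBLED_TAG = re.compile(rb"(.{4})\1", re.DOTALL)


def find_eggs(data: bytes, min_payload: int = 0) -> set:
    """Return the set of 4-byte tags that appear doubled in `data` and are followed by
    at least `min_payload` bytes. Runs of a single repeated byte (padding) are ignored."""
    tags = set()
    for m in DOUBLED_TAG.finditer(data):
        tag = m.group(1)
        if len(set(tag)) > 1 and len(data) - m.end() >= min_payload:
            tags.add(tag)
    return tags


def correlate_egg_stages(traffic, min_payload: int = 32) -> list:
    """Walk the traffic in order and flag a source that first sends a doubled tag with a
    payload behind it, then later sends a message carrying that tag only once."""
    eggs_seen = defaultdict(dict)  # source -> {tag: index of the message carrying the egg}
    alerts = []
    for idx, (src, data) in enumerate(traffic):
        for tag, egg_idx in eggs_seen[src].items():
            if tag in data and tag + tag not in data:
                alerts.append({"source": src, "tag": tag,
                               "egg_msg": egg_idx, "trigger_msg": idx})
        for tag in find_eggs(data, min_payload):
            eggs_seen[src].setdefault(tag, idx)
    return alerts


if __name__ == "__main__":
    for alert in correlate_egg_stages(SAMPLE_TRAFFIC):
        print(f"{alert['source']}: tag {alert['tag']!r} staged in message "
              f"{alert['egg_msg']}, referenced again in message {alert['trigger_msg']}")
```

The regex is byte-agnostic on purpose, since a tag need not be printable; on protocols that legitimately repeat 4-byte fields (fixed-width records, some binary headers) the `min_payload` threshold and a per-protocol allowlist of known repeated fields are what keep the false-positive rate down. The correlation is per source and in arrival order, which is the part that distinguishes a staged egg from a lone repeated string.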
Current thread:
- tutorials for beginners Demiri Asmir (Apr 27)
- Re: tutorials for beginners NSO Research (Apr 27)
- Re: tutorials for beginners John Nash (Apr 27)
- Re: tutorials for beginners Demiri Asmir (Apr 27)
- Small room for shellcode danuxx (Apr 28)
- Re: Small room for shellcode Patrick Webster (Apr 28)
- Re: Small room for shellcode danuxx (Apr 28)
- Re: tutorials for beginners Demiri Asmir (Apr 27)