[framework] strange problem with network-enabled payloads
mmiller at hick.org
Mon May 15 13:40:45 CDT 2006
On Mon, May 15, 2006 at 11:27:30AM -0700, arahzone-msf at yahoo.com wrote:
> Hi,
>
> I have created a simple program that listens on a socket and
> copies (strcpy) the received data to another buffer that is smaller than
> the buffer used in receive(). I am able to use payloads that don't use
> winsock such as "execute command" successfully, but all payloads that use
> Winsock crash. I have debugged the complete process: the payload is
> copied correctly to the target buffer on the stack and the execution
> flow is redirected to the beginning of the payload. The problem is just
> after the Loadlibrary(ws_32). This call returns the correct address of
> ws_32.dll, but the next call contains an ADD [DS:EAX],AL and I have an
> access violation on this instruction. As the "execute command" payload
> works correctly and I am redirecting the execution flow exactly at the
> beginning of the payload, I really don't know what is going wrong.
This sounds like a payload truncation issue. This could be related to
bad characters. Did you specify 0x00 as being a bad character for the
exploit you're working with?
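An added example (C, not code from either poster) that models the pattern described above from the defender's side: it shows why strcpy stops at the first 0x00 byte, which is what makes the copied data arrive truncated, and replaces the strcpy with a length-checked copy that rejects input larger than the destination. Buffer sizes and the sample bytes are constructed assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed sizes: the poster's program receives into a large buffer and
 * copies into a smaller one on the stack. */
#define RECV_BUF  64
#define SMALL_BUF 16

/* How many bytes strcpy would actually copy from 'data' before stopping.
 * strcpy treats the first 0x00 as a terminator, so received data that
 * contains a NUL byte lands in the destination truncated at that point. */
size_t strcpy_visible_length(const unsigned char *data, size_t len) {
    size_t i;
    for (i = 0; i < len; i++)
        if (data[i] == 0x00) break;
    return i;
}

/* Bounded replacement for the strcpy in the poster's program: copies by
 * length rather than by terminator, refuses input that does not fit, and
 * always NUL-terminates. Returns 0 on success, -1 if the input is rejected. */
int copy_bounded(char *dst, size_t dst_size,
                 const unsigned char *src, size_t src_len) {
    if (dst_size == 0 || src_len >= dst_size) return -1;  /* would overflow */
    memcpy(dst, src, src_len);
    dst[src_len] = '\0';
    return 0;
}

/* Constructed sample: 24 received bytes with a NUL at offset 5. */
static const unsigned char SAMPLE[] = {
    'A','B','C','D','E',0x00,'F','G','H','I','J','K',
    'L','M','N','O','P','Q','R','S','T','U','V','W'
};

/* Attempt to copy the first 'n' sample bytes into a SMALL_BUF-byte buffer. */
int try_copy(size_t n) {
    char small[SMALL_BUF];
    if (n > sizeof SAMPLE) return -1;
    return copy_bounded(small, sizeof small, SAMPLE, n);
}

int main(void) {
    printf("strcpy would copy %zu of %zu bytes\n",
           strcpy_visible_length(SAMPLE, sizeof SAMPLE), sizeof SAMPLE);
    printf("bounded copy of 24 bytes into %d: %s\n", SMALL_BUF,
           try_copy(sizeof SAMPLE) == 0 ? "ok" : "rejected");
    return 0;
}
```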