[framework] Problem in writing exploits
Simple Nomad
thegnome at nmrc.org
Wed Oct 11 10:49:53 CDT 2006
On Wednesday 11 October 2006 10:00, Cristiano de Nunno wrote:
> I'm running Ubuntu Dapper, and I followed your advice using
>
> echo "0" > /proc/sys/kernel/randomize_va_space
>
> to disable stack randomization.
>
> Now if I check with gdb the esp reg value is always the same, but when I
> attempt to exploit the program with metasploit I get "Read: bad address"
> error and payloads don't work.
>
> How can I do?
Essentially you are asking someone else to do all of the heavy lifting. You
are giving no details, and even if you did give details it will only spawn
another email, and this could go on for weeks in email. I *seriously*
recommend you read the books I suggested first. I've done some training in
exploit writing basics before, and these books are what I recommend
especially to someone starting out.
To quote myself from the previous email:
> > However all of this is way beyond the list charter. I'd recommend a
> > couple of
> > books, such as "Gray Hat Hacking", "Hacking: The Art of Exploitation",
> > and "The Shellcoder's Handbook".
Good luck, please read and try out all of the examples involving exploit
writing in the books first.
-SN