[framework] Any hints for this port (Zenworks sploit) ?
Jerome Athias
jerome.athias at free.fr
Thu Aug 23 10:44:39 CDT 2007
nowwhat at free.fr wrote:
> Thanks q:
>
> Egghunting will probably be a good idea in the future, the problem for now is I
> can't execute s**t since I just randomly pop something I can't predict into EIP.
> The server just closes the connection when I spam it with my return address. It's
> probably ASCII related, although I'm not too sure how I could both write the
> return address and be ASCII compliant...
Are you sure that you have correctly retrieved the badchars?
(http://en.wikibooks.org/wiki/Metasploit/WritingWindowsExploit#Dealing_with_badchars)
Using breakpoints in your debugger (and maybe Wireshark) should help you
a lot...
Going further, please think about the nice encoders in the MSF ;-)
Good luck
/JA
PS: the Immunity debugger includes some useful functions to deal with
egghunting and so on...
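Added example (not part of the original thread, not Metasploit code and not anything measured against the ZENworks service being discussed): the badchar round trip Jerome is pointing at, in Python. The target's behaviour is simulated inline so it runs offline: the constructed pseudo-target turns LF into a space, silently drops CR and cuts the buffer at 0xff, which are the three ways a byte usually fails to survive. The comparison aligns what was sent with what the debugger shows in memory, handles replaced, dropped and truncating bytes, and iterates until a round comes back clean. The last function then checks whether a candidate return address (the addresses used here are hypothetical) contains any of the found badchars, and the same check with an "anything outside printable ASCII" set is the "is my return address ASCII compliant" question from the quoted mail.

```python
import struct

# Pseudo-target used only for this example. Its behaviour is constructed,
# not measured from the ZENworks service discussed in the thread.
def simulated_target(data):
    """Turns LF into a space, drops CR, and truncates at the first 0xff byte."""
    out = bytearray()
    for b in data:
        if b == 0xff:
            break
        if b == 0x0d:
            continue
        out.append(0x20 if b == 0x0a else b)
    return bytes(out)

def badchar_string(exclude=()):
    """Every byte value 0x01..0xff except those already known to be bad.
    0x00 is never sent: it is assumed bad wherever C string handling is involved."""
    return bytes(b for b in range(1, 256) if b not in exclude)

def find_badchars(sent, dumped):
    """Align the bytes sent with what the debugger shows in memory and return
    the set of byte values that did not survive the trip. Three failure modes:
    a byte replaced in place, a byte silently dropped (shifting the rest),
    or the buffer truncated at that byte."""
    bad = set()
    i = j = 0
    while i < len(sent):
        if j >= len(dumped):
            bad.add(sent[i])          # nothing left in memory: truncated here
            break
        if dumped[j] == sent[i]:
            i += 1
            j += 1
        elif i + 1 < len(sent) and dumped[j] == sent[i + 1]:
            bad.add(sent[i])          # dropped: the next sent byte is already here
            i += 1
        else:
            bad.add(sent[i])          # replaced by some other value
            i += 1
            j += 1
    return bad

def hunt_badchars(target, known=frozenset({0x00}), max_rounds=8):
    """Send the remaining candidates, compare, exclude what broke, resend,
    until a round comes back clean. Returns the full set of badchars."""
    known = set(known)
    for _ in range(max_rounds):
        sent = badchar_string(exclude=known)
        found = find_badchars(sent, target(sent))
        if not found:
            return known
        known |= found
    return known

def address_badbytes(addr, bad):
    """Little-endian bytes of a 32-bit return address that collide with badchars."""
    return [b for b in struct.pack("<I", addr) if b in bad]

# Everything outside printable ASCII; use as `bad` for an ASCII-only target.
ASCII_ONLY_BAD = set(range(0x00, 0x20)) | set(range(0x7f, 0x100))

if __name__ == "__main__":
    bad = hunt_badchars(simulated_target)
    print("badchars:", [hex(b) for b in sorted(bad)])
    # hypothetical return addresses, not taken from any real module
    for addr in (0x7c86467b, 0x7c8643ff, 0x41424344):
        print(hex(addr),
              "collides with", [hex(b) for b in address_badbytes(addr, bad)],
              "ascii-clean:", not address_badbytes(addr, ASCII_ONLY_BAD))
```

In practice `simulated_target` is replaced by: send the string over the socket, break in the debugger where the buffer is used, dump the bytes and feed them to `find_badchars`. A dropped byte is the case that trips people up, because a naive byte-for-byte compare then flags everything after it; the realignment above is what keeps the result to the single culprit.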