[framework] Payload Bugs ?
J. M. Seitz
jms at bughunter.ca
Wed Aug 29 07:21:49 CDT 2007
Use the NASM shell that ships with Metasploit.
nasm > sub esp,3500
00000000 81ECAC0D0000 sub esp,0xdac
nasm >
So you would start the payload off with "\x81\xec\xac\x0d\x00\x00" but of course
you will want to encode it, as those two NULL bytes will give you grief.
JS
> -----Original Message-----
> From: Thomas Werth [mailto:security at vahle.de]
> Sent: Tuesday, August 28, 2007 11:20 PM
> To: framework at metasploit.com
> Subject: Re: [framework] Payload Bugs ?
>
> ok, but how do I append?
> I doubt $payload .= "sub esp,3500" would do it, am I wrong?
> How exactly would I append this in perl and how in the msf.rb file?
>
> J. M. Seitz schrieb:
> > I think a simple:
> >
> > sub esp,3500
> >
> > Would do it, prepend to your shellcode.
> >
> > JS
> >> -----Original Message-----
> >> From: Thomas Werth [mailto:security at vahle.de]
> >> Sent: Tuesday, August 28, 2007 10:50 PM
> >> To: framework at metasploit.com
> >> Subject: Re: [framework] Payload Bugs ?
> >>
> >> Patrick Webster schrieb:
> >>> I assume your german return address is correct.
> >>>
> >>> Try using a shellcode with a stack adjustment of -3500.
> >>>
> >>> Otherwise your payload may be using bad characters which are not
> >>> accepted, or the payload code is changed by other instructions before
> >>> you execute, by the target application?
> >>>
> >>> -Patrick
> >>>
> >> How exactly can I do this? This sounds really interesting, but I
> >> didn't find an "Adjust Stack for dummies guide" ;) Can you gimme a
> >> small example?
> >
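The encoding step in the reply above, as an added worked example (this is not code from the thread or from Metasploit): it assembles the `sub esp, N` prefix to raw bytes, prints it in the same layout as the NASM shell so the "81ECAC0D0000" line can be checked, flags which offsets contain NULL bytes, and prepends the prefix to a constructed stand-in payload. It goes one step beyond the thread's single instance by also emitting the short `83 EC ib` form that NASM picks when the immediate fits in a sign-extended byte; the function names and the four-NOP stub are this example's own.

```ruby
# Added example, not from the mailing-list thread or from Metasploit.
# Builds the "sub esp, N" stack-adjustment prefix discussed in the thread
# as raw bytes and reports bytes that fall into a bad-character set.

# Encode `sub esp, imm` for 32-bit x86. NASM uses the short form
# 83 /5 ib when the immediate fits a sign-extended byte, else 81 /5 id
# with a little-endian 32-bit immediate (the form shown in the thread).
def encode_sub_esp(imm)
  raise ArgumentError, "immediate out of 32-bit range" unless imm.between?(-2**31, 2**32 - 1)
  if imm.between?(-128, 127)
    [0x83, 0xEC, imm & 0xFF].pack('CCC')            # sub esp, byte imm
  else
    [0x81, 0xEC, imm & 0xFFFFFFFF].pack('CCV')      # sub esp, dword imm
  end
end

# Hex string in the layout the NASM shell prints (e.g. "81ECAC0D0000").
def to_nasm_hex(bytes)
  bytes.unpack1('H*').upcase
end

# Offsets of every byte in `bytes` that appears in the bad-character string.
def bad_char_offsets(bytes, bad_chars)
  bad = bad_chars.bytes
  bytes.each_byte.with_index.select { |b, _i| bad.include?(b) }.map { |_b, i| i }
end

# Prepend the stack adjustment to a payload, as the thread suggests.
# Both operands are forced to binary encoding so concatenation is safe.
def prepend_stack_adjust(payload, adjust)
  encode_sub_esp(adjust) + payload.b
end

if __FILE__ == $0
  prefix = encode_sub_esp(3500)
  puts "sub esp,3500 -> #{to_nasm_hex(prefix)}"
  nulls = bad_char_offsets(prefix, "\x00".b)
  puts "NULL bytes at offsets #{nulls.inspect}; encode before use"
  # Constructed stand-in payload (four NOPs), not real shellcode.
  stub = "\x90".b * 4
  puts "prefixed payload: #{to_nasm_hex(prepend_stack_adjust(stub, 3500))}"
end
```

The offsets reported for the 3500 case are the two trailing bytes of the immediate, which is exactly why the reply says the prefix has to go through an encoder along with the rest of the payload.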