
Thread: Shellcode doesn't do what it's supposed to! (on any encoder)


  1. #1
    Junior Member
    Join Date
    Jul 2009
    Posts
    37

    Shellcode doesn't do what it's supposed to! (on any encoder)

    So I'm testing an exploit on my dedicated server, and a calc.exe proof of concept works fine, but when I change the shellcode to anything else it doesn't work (by anything, I mean "create admin user"). I tried every encoder on the Metasploit shellcode generator. Any tips on how to make this exploit work on a Win Server 2003? I tried it locally on a virtual machine (same OS) and it worked there, so I'm puzzled. Something with packets going through the internet screwing it up?

    All I can think of is a different build (of the OS)? But the shellcode does crash the service, so it's hitting some code.

  2. #2
    Member
    Join Date
    Jan 2010
    Location
    The new forums
    Posts
    462


    Quote Originally Posted by b3r00tb4ck View Post
    So I'm testing an exploit on my dedicated server, and a calc.exe proof of concept works fine, but when I change the shellcode to anything else it doesn't work (by anything, I mean "create admin user"). I tried every encoder on the Metasploit shellcode generator. Any tips on how to make this exploit work on a Win Server 2003? I tried it locally on a virtual machine (same OS) and it worked there, so I'm puzzled. Something with packets going through the internet screwing it up?

    All I can think of is a different build (of the OS)? But the shellcode does crash the service, so it's hitting some code.

    There's some good info here: http://forums.remote-exploit.org/pen...shellcode.html

  3. #3
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943


    Quote Originally Posted by Lincoln View Post
    Yes, I had a recollection of having responded to a thread very similar to this one.

    @OP, I would give you the same response to what I have already posted in the thread Lincoln linked to above. You need to learn how buffer overflow exploits work and try coding one yourself so you can gain the skills to troubleshoot this.

    The problem is probably related to a restricted character in your shellcode (e.g. a character that causes buffer mangling when it's sent to the vulnerable program), or to the size of the shellcode either not fitting within the space allowed or changing the buffer layout so the particular overwrite conditions for the overflow exploit to work are no longer present.

    I gave advice on how to troubleshoot this in the other thread, but you need the basic "overflowing" skills before you will be able to manage this. This is not something we can help you fix via a forum...

    Different patch levels or builds of the OS can make a difference to this as well, as you theorised, and so can various memory protection methods (e.g. DEP). If you have an identical build and patch level of the OS, configured the same way, however, it should behave the same way on both systems.

    Some good references for learning buffer overflows are in the last post I made to AnActivist Pentesting Documentation thread.
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  4. #4
    Member
    Join Date
    Jan 2010
    Posts
    81


    Hi

    My experience with shellcode is.. on XP I use MSF 3.0 on an XP machine, and so it works with the right encoder.. if I use shellcode from BT4 MSF 3.2 on XP, the shellcode doesn't run..
    I think the new shellcode is for Vista and Seven.. but I am not sure..

    ozzy
