So I'm testing an exploit on my dedicated server, and a calc.exe proof of concept works fine, but when I change the shellcode to anything else it doesn't work (by anything, I mean "create admin user"). I tried every encoder in the Metasploit shellcode generator. Any tips on how to make this exploit work on a Win Server 2003? I tried it locally on a virtual machine (same OS) and it worked there, so I'm puzzled. Something with packets going through the internet screwing it up?
All I can think of is a different build (of the OS)? But the shellcode does crash the service, so it's hitting some code.
@OP, I would give you the same response as what I have already posted in the thread Lincoln linked to above. You need to learn how buffer overflow exploits work and try coding one yourself so you can gain the skills to troubleshoot this.
The problem is probably related to a restricted character in your shellcode (e.g. a character that causes buffer mangling when it's sent to the vulnerable program), or to the size of the shellcode either not fitting within the space allowed or changing the buffer layout so that the particular overwrite conditions for the overflow exploit to work are no longer present.
I gave advice on how to troubleshoot this in the other thread, but you need the basic "overflowing" skills before you will be able to manage this. This is not something we can help you fix via a forum...
Different patch levels or builds of the OS can make a difference to this as well, as you theorised, and so can various memory protection methods (e.g. DEP). If you have an identical build and patch level of the OS, configured the same way, however, it should behave the same way on both systems.
Some good references for learning buffer overflows are in the last post I made to the AnActivist Pentesting Documentation thread.
My experience with shellcode is... on XP I use MSF 3.0 on an XP machine, and so it works with the right encoder... If I use shellcode from BT4 MSF 3.2 on XP, the shellcode doesn't run...
I think the new shellcode is for Vista and Seven... but I am not sure...