Re: ms03-043 questions

From: A*** (netninja_at_hotmail.kg)
Date: 11/03/03

    Date: Tue, 4 Nov 2003 02:29:19 +0600
    To: "wirepair" <wirepair@roguemail.net>
    
    

    Hello wirepair,

    Monday, November 3, 2003, 9:12:54 AM, you wrote:

    w> lo all,
    w> I was just curious if anyone has been able to get this to execute code.
    w> I've been playing with it the last couple of days and I've only managed
    w> to get invalid read attempts. I've narrowed it down to requiring at
    w> least 584 0x14 characters (a length of 3992 appears to be required to
    w> cause the exception). Placement within the buffer of the 0x14
    w> characters does not seem to matter. Thanks for any information you can
    w> provide.
    w> -wire

    my exploit for MS03-043 takes advantage of global SEH. I overwrote it
    with a pointer to my shellcode. make sure ur message body size is
    somewhere around 3656. works fine for win2k and winxp. btw u need to
    send packet 2 times on win2k; on winxp access violation exception is
    triggered with only 1 packet sent. my exploit executes successfully but
    it's not 100% reliable. try experimenting with message size. u might get
    different results.

    -- 
    Best regards,
     A***                            mailto:netninja@hotmail.kg
    
