Re: ms03-049 sp1a and sp0 now working.
From: sk (sk_at_scan-associates.net)
Date: 11/17/03
- In reply to: wirepair: "ms03-049 sp1a and sp0 now working."
Date: Mon, 17 Nov 2003 11:31:09 +0800
To: wirepair <wirepair@roguemail.net>, vuln-dev@securityfocus.com
Hi Wirepair,
You don't need to determine the SP, just try to find a RET that matches both
SPs, and create shellcode that doesn't contain anything between 0x80 and
0x9f. Having said that, some chars like 0x8d are allowed. It will work with
both SPs.
But you may also prefer to implement the ASC shellcode as explained in
Hack Proofing Your Network by Caezar.
sk
On Fri, 14 Nov 2003 12:03:25 -0800, wirepair <wirepair@roguemail.net>
wrote:
> Thanks to Dave Aitel for suggesting there is a difference between how
> sp1 and sp0 process unicode strings. Unfortunately this means you need
> to specify which SP level the remote host is. Does anyone know a way of
> requesting an XP machine return a unicode string? Maybe this way I can
> read in the string and determine which sp level it's at and make my code
> automatically detect and use the correct formatting. Thanks,
> -wire
>
> http://sh0dan.org/files/0349.cpp
> http://sh0dan.org/files/0349.exe