Help Understanding Stub for MS06-040
From: kyle.schatzle at gmail.com (Kyle Schatzle)
Date: Wed, 14 Mar 2007 08:38:38 -0500
I'm researching RPC vulnerabilities and trying to recreate MS06-040's
Metasploit exploit as a proof of concept for myself. I understand most of
the code, but am missing the main part, creating the stub. Could you point
me in the right direction to understand how to build this (minus
the payload; I can understand (most of) the payload)? I thought I could
disassemble netapi32.dll and recreate the IDL file, but was unsuccessful
using mIDA and unmidl.
Does this function relate to the stub below?
# /* Function 0x1f at 0x767e912c */
# long function_1f (
# [in] [unique] [string] wchar_t * arg_00,
# [in] [string] wchar_t * arg_01,
# [out] [size_is(arg_03)] char * arg_02,
# [in] [range(0, 64000)] long arg_03,
# [in] [string] wchar_t * arg_04,
# [in,out] long * arg_05,
# [in] long arg_06
# );
If it doesn't relate, could you point me in the right direction to
understand its format?
Pex::NDR::UnicodeConformantVaryingStringPreBuilt( "\xeb\x02" .