Metasploit mailing list archives

Metasploit vs ANI

From: mmiller at hick.org (mmiller at hick.org)
Date: Tue, 3 Apr 2007 23:30:37 -0700

What version of user32.dll do you have?  What is the instruction at
77d525ba?  The partial overwrite is succeeding, but it appears you have
something other than a call [ebx+4] at this location.

On Wed, Apr 04, 2007 at 08:26:44AM +0200, Thomas Werth wrote:

ok here are details

msf 3 latested updates running on bt2 hd install. Using
win/shell/bind_tcp payload
Test vmware windows xp sp2 german no ani patch installed, running as admin .
Using ollydgb on ie .
WinXp connects to given msf random uri as soon as msf shows ready signals.

Ollydg is catching on error :
EAX ED40601B
ECX 7C92056D ntdll.7C92056D
EDX 00000000
EBX 0012DF80
ESP 0012DECC
EBP FED47515
ESI 0012DEFC ASCII "anih$"
EDI 0012DECC
EIP 77D525BA USER32.77D525BA
C 0  ES 0023 32bit 0(FFFFFFFF)
P 1  CS 001B 32bit 0(FFFFFFFF)
A 0  SS 0023 32bit 0(FFFFFFFF)
Z 1  DS 0023 32bit 0(FFFFFFFF)
S 0  FS 003B 32bit 7FFDF000(FFF)
T 0  GS 0000 NULL
D 0
O 0  LastErr ERROR_INVALID_PARAMETER (00000057)
EFL 00010246 (NO,NB,E,BE,NS,PE,GE,LE)
ST0 empty -??? FFFF 0084837B 6B84837B
ST1 empty -??? FFFF 00000000 6B000000
ST2 empty -??? FFFF 00000084 0083007B
ST3 empty -??? FFFF 00000084 0083007B
ST4 empty -??? FFFF 6B84837B 6B84837B
ST5 empty -??? FFFF 00000084 0083007B
ST6 empty 1.0000000000000000000
ST7 empty 1.0000000000000000000
               3 2 1 0      E S P U O Z D I
FST 4000  Cond 1 0 0 0  Err 0 0 0 0 0 0 0 0  (EQ)
FCW 027F  Prec NEAR,53  Mask    1 1 1 1 1 1

Current thread:

Metasploit vs ANI, (continued)
- Metasploit vs ANI Nicolas RUFF (Apr 02)
  - Metasploit vs ANI Saad Kadhi (Apr 02)
  - Metasploit vs ANI H D Moore (Apr 02)
    - Metasploit vs ANI Nicolas RUFF (Apr 02)
    - Metasploit vs ANI mmiller at hick.org (Apr 02)
    - Metasploit vs ANI H D Moore (Apr 02)
    - Metasploit vs ANI Giorgio Casali (Apr 03)
    - Metasploit vs ANI Thomas Werth (Apr 03)
    - Metasploit vs ANI mmiller at hick.org (Apr 03)
    - Metasploit vs ANI Thomas Werth (Apr 03)
    - Metasploit vs ANI mmiller at hick.org (Apr 03)
    - Metasploit vs ANI Thomas Werth (Apr 03)
    - Metasploit vs ANI mmiller at hick.org (Apr 04)
    - Metasploit vs ANI Thomas Werth (Apr 04)
    - Metasploit vs ANI H D Moore (Apr 04)
    - Metasploit vs ANI H D Moore (Apr 04)
    - Metasploit vs ANI Fabrice MOURRON (Apr 04)
    - Metasploit vs ANI security (Apr 05)
    - Metasploit vs ANI Jerome Athias (Apr 05)
    - Metasploit vs ANI security (Apr 05)
    - Metasploit vs ANI Thomas Werth (Apr 11)

(Thread continues...)