Metasploit mailing list archives

lsass_ms04_011 failure


From: hdm at metasploit.com (H D Moore)
Date: Thu, 3 Mar 2005 04:59:16 -0600

Could you provide some information about the target systems off-list? If 
you are using a non-English language, there may be a problem with the 
return addresses. If you want to check the return address, use WinDbg to 
attach to the lsass.exe process on the XP system, open the memory view, 
punch in 0x7449bf1a for the address, and make sure the first bytes are 
"FF E4". This address is inside SAMSRV.DLL. If you don't feel like using 
WinDbg, you can also do this from the command-line with msfpescan:

$ msfpescan -f samsrv.dll -a 0x7449bf1a -A 2
0x7449bf1a   ffe4

-HD

On Thursday 03 March 2005 04:51, Guillaume Pierronnet wrote:
hi,

lsass_ms04_011 exploit failed to run on Windows XP and Windows 2000 by
crashing lsass.exe. I tried several payloads, same results.

The first "houseofdabus" exploit works fine on Windows XP (but not on
the Windows 2000, same symptoms).

Do you have ideas? Thanks
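
Checking which bytes sit at a virtual address in a DLL on disk, as the msfpescan command in the reply does, means translating that address through the file's PE headers. The Python code below is an added example, not part of the original post and not Metasploit code; the function names and the constructed image (ImageBase 0x10000000, one section) are assumptions made for illustration.

```python
import struct

def read_at_va(pe: bytes, va: int, count: int) -> bytes:
    """Bytes the loader maps at `va`, assuming the preferred ImageBase is used."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (pe_off,) = struct.unpack_from("<I", pe, 0x3C)            # e_lfanew
    if pe[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (nsec,) = struct.unpack_from("<H", pe, pe_off + 6)        # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", pe, pe_off + 20)   # SizeOfOptionalHeader
    opt = pe_off + 24                                         # optional header start
    (magic,) = struct.unpack_from("<H", pe, opt)
    if magic == 0x10B:                                        # PE32
        (base,) = struct.unpack_from("<I", pe, opt + 28)
    elif magic == 0x20B:                                      # PE32+
        (base,) = struct.unpack_from("<Q", pe, opt + 24)
    else:
        raise ValueError("unknown optional header magic")
    rva = va - base                                           # address relative to image
    for i in range(nsec):
        hdr = opt + opt_size + 40 * i                         # 40-byte section header
        vsize, vaddr, rsize, rptr = struct.unpack_from("<IIII", pe, hdr + 8)
        if vaddr <= rva < vaddr + max(vsize, rsize):
            off = rva - vaddr
            if off + count > rsize:
                raise ValueError("address is not backed by file data")
            return pe[rptr + off:rptr + off + count]
    raise ValueError("address is outside every section")

def build_sample() -> bytes:
    """Constructed one-section PE32 image (not a real DLL), for the demo only."""
    img = bytearray(0x400)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)                   # e_lfanew
    img[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<HH", img, 0x84, 0x14C, 1)              # i386, 1 section
    struct.pack_into("<H", img, 0x94, 0xE0)                   # SizeOfOptionalHeader
    struct.pack_into("<H", img, 0x98, 0x10B)                  # PE32 magic
    struct.pack_into("<I", img, 0x98 + 28, 0x10000000)        # ImageBase (constructed)
    struct.pack_into("<8sIIII", img, 0x178, b".text", 0x200, 0x1000, 0x200, 0x200)
    img[0x21A:0x21C] = b"\xff\xe4"                            # bytes at RVA 0x101A
    return bytes(img)

if __name__ == "__main__":
    print(read_at_va(build_sample(), 0x1000101A, 2).hex())
```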


