Metasploit mailing list archives
lsass_ms04_011 failure
From: hdm at metasploit.com (H D Moore)
Date: Thu, 3 Mar 2005 04:59:16 -0600
Could you provide some information about the target systems off-list? If you are using a non-English language, there may be a problem with the return addresses. If want to check the return address, use WinDbg to attach to the lsass.exe process on the XP system, open the memory view, punch in 0x7449bf1a for the address, and make sure the first bytes are "FF E4". This address is inside SAMSRV.DLL. If you don't feel like using WinDbg, you can also do this from the command-line with msfpescan: $ msfpescan -f samsrv.dll -a 0x7449bf1a -A 2 0x7449bf1a ffe4 -HD On Thursday 03 March 2005 04:51, Guillaume Pierronnet wrote:
hi, lsass_ms04_011 exploit failed to run on Windows XP and Windows 2000 by crashing lsass.exe. I tried several payloads, same results. The first "houseofdabus" exploit works fine on Windows XP (but not on the Windows 2000, same symptoms). do you have ideas ? Thanks
Current thread:
- lsass_ms04_011 failure Guillaume Pierronnet (Mar 03)
- lsass_ms04_011 failure H D Moore (Mar 03)