Metasploit mailing list archives
IIS 5.0 .printer exploit fix
From: robd003 at gmail.com (Rob)
Date: Tue, 6 Jun 2006 17:12:25 -0700
Hey all, I noticed that the IIS 5.0 .printer exploit was using the EBX register and yet it was occasionally being used by the nops generator. That and I figured changing the return address to something inside of ntdll would also make it a little more reliable. Here's my fix: #add this 'Nop' => { 'SaveRegs' => ['ebx'], }, #change return address 'Targets' => [['Windows 2000 SP0/SP1', 0x77f8948b]], Cheers, Rob Palmer
Current thread:
- IIS 5.0 .printer exploit fix Rob (Jun 06)