Metasploit mailing list archives

IIS 5.0 .printer exploit fix


From: robd003 at gmail.com (Rob)
Date: Tue, 6 Jun 2006 17:12:25 -0700

Hey all,

I noticed that the IIS 5.0 .printer exploit was using the EBX register
and yet it was occasionally being used by the nops generator. That and
I figured changing the return address to something inside of ntdll
would also make it a little more reliable. Here's my fix:

#add this
       'Nop' =>
           {
                 'SaveRegs' => ['ebx'],
           },

#change return address
       'Targets' => [['Windows 2000 SP0/SP1', 0x77f8948b]],

    Cheers,
    Rob Palmer


