AAAAAAAAAAAAAAAAAAAAAAAAAA [rest of As removed]
(9bc.56c): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=000001a3 ebx=7ffdf000 ecx=00415b90 edx=00415b90 esi=00080178 edi=00000000
eip=41414141 esp=0012fed4 ebp=41414141 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00010206
41414141 ?? ???
0:000>
We now control eip! The next step is to test our chosen shellcode, and then we'll put
the pieces together to build the exploit.
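A crash like the one above can be triaged automatically by checking which registers hold bytes taken from the submitted input. The following is an added example, not code from the book; the 600-byte input length, the function names, and the two verdict labels are assumptions made for illustration.

```python
import re

# Constructed sample: the register dump shown above, plus an input of
# repeated 'A' bytes (the length 600 is an assumption; the page elides it).
SAMPLE_DUMP = """\
eax=000001a3 ebx=7ffdf000 ecx=00415b90 edx=00415b90 esi=00080178 edi=00000000
eip=41414141 esp=0012fed4 ebp=41414141 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00010206
"""
SAMPLE_INPUT = b"A" * 600

# Only the 32-bit general-purpose registers, eip, esp and ebp are of interest.
REG_RE = re.compile(
    r"\b(eax|ebx|ecx|edx|esi|edi|eip|esp|ebp)=([0-9a-f]{8})\b", re.IGNORECASE
)


def parse_registers(dump):
    """Return {register: value} parsed from a WinDbg-style register dump."""
    return {name.lower(): int(value, 16) for name, value in REG_RE.findall(dump)}


def input_derived(value, input_bytes):
    """True if the register's four bytes (little-endian, as stored in memory
    on x86) appear as a contiguous run in the submitted input."""
    return value.to_bytes(4, "little") in input_bytes


def triage(dump, input_bytes):
    """Return (sorted list of input-derived registers, verdict label)."""
    regs = parse_registers(dump)
    tainted = sorted(r for r, v in regs.items() if input_derived(v, input_bytes))
    # An instruction pointer built from input bytes means the saved return
    # address was overwritten: the bug must be treated as exploitable.
    verdict = "EXPLOITABLE" if "eip" in tainted else "UNKNOWN"
    return tainted, verdict


if __name__ == "__main__":
    tainted, verdict = triage(SAMPLE_DUMP, SAMPLE_INPUT)
    print(f"input-derived registers: {tainted} -> {verdict}")
```

Here both eip and ebp are flagged, which is the signature of a stack buffer overrun that ran past the saved frame pointer into the saved return address.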
Testing the Shellcode
Just as we did with Aleph1's shellcode in Linux, let's build a simple test of the shellcode.
The Metasploit shellcode is well respected in the security community, so we'll build this
first exploit test using Metasploit shellcode. Remember that our goal is to cause meet.exe
to launch an executable of our choice based on the shellcode. For this demo, let's force
meet.exe to launch the Windows calculator, calc.exe. Metasploit's web page will build
custom shellcode for us by filling in a few fields in a web form. Browse to
www.metasploit.com:55555/PAYLOADS?MODE=SELECT&MODULE=win32_exec
Set the CMD field to calc.