Fixes P/P/R for target 1 (BadBlue 2.72b) #1771

wchen-r7 · 2013-04-26T01:24:50Z

Target 1, which covers 2.72b, uses an invalid P/P/R from some unknown DLL, and appears to be broken. Because 2.72b actually uses the same ext.dll as BadBlue EE 2.7 (and that target 0 actually also works against 2.72b), we might as well just use the same P/P/R again.

[FixRM #7875]

To download the vulnerable application for testing, you may get it here:
http://www.badblue.com/down.htm

Ticket for this bug fix (there's also a quick analysis):
http://dev.metasploit.com/redmine/issues/7875

Target 1, which covers 2.72b, uses an invalid P/P/R from some unknown DLL, and appears to be broken. Because 2.72b actually uses the same ext.dll as BadBlue EE 2.7 (and that target 0 actually also works against 2.72b), we might as well just use the same P/P/R again. [FixRM rapid7#7875]

jvazquez-r7 · 2013-04-26T02:12:43Z

That's true:

10033F44  |. 5E             POP ESI
10033F45  |. 5B             POP EBX
10033F46  \. C3             RETN

merging!

jvazquez-r7 pushed a commit that referenced this pull request Apr 26, 2013

Land #1771, @wchen-r7's fix for ppr address on badblue_passthru

dcd5448

jvazquez-r7 merged commit f3f60f3 into rapid7:master Apr 26, 2013

wchen-r7 deleted the badblue_ppr branch August 22, 2016 16:21

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fixes P/P/R for target 1 (BadBlue 2.72b) #1771

Fixes P/P/R for target 1 (BadBlue 2.72b) #1771

wchen-r7 commented Apr 26, 2013

jvazquez-r7 commented Apr 26, 2013

Fixes P/P/R for target 1 (BadBlue 2.72b) #1771

Fixes P/P/R for target 1 (BadBlue 2.72b) #1771

Conversation

wchen-r7 commented Apr 26, 2013

jvazquez-r7 commented Apr 26, 2013