MS09-050: (python) vs (metasploit) ms09_050_smb2_negotiate_func_index

I notice this exploit-db script is less reliable than metasploit - possibly depending on the target.

Sometimes the python script works, sometimes it doesn’t. However, metasploit seems to work relatively consistently.

Intercepting network traffic, the base payloads are very similar, off by only a few bytes (+ the payload).

I’ve tried adding a NOP sled to the manual shellcode, but still cannot get the same consistent experience with the python script as metasploit seems to offer.

Does anyone else have the same experience?

Can you DM me the PCAP file of both exploits?

I share your experience. MSF mostly works straightaway. For the python script, I found that adding NOP sled works very well, but as you mentioned, only with trial and error. This means the payload is probably not properly aligned without the additional NOP bytes I guess.

Looking at the msf module source code and the payload generation, NOPS seem to be disabled but some stack adjustments are made. Additionally, there are some comments talking about potential stability issues and their fixes?!.. I’m sure someone with a little bit more experience in exploit development would know immediately. Maybe I will come back to this some day.