List: metasploit-framework
Subject: Re: [framework] msfpayload - Replacing Shell Code in Exploit
From: H D Moore <hdm () metasploit ! com>
Date: 2009-02-08 0:14:24
Message-ID: 1234052064.16558.33.camel () localhost
On Sat, 2009-02-07 at 15:30 +0100, Florian Roth wrote:
> Can anyone explain how to handle 2-stage shell code (meterpreter) or
> how to integrate it in the working exploit?
There is more to it than just sending the right bytes.
1. Send the stager (reverse|bind) in the exploit itself
2. Handle the connection to the stager, send a middle stager
3. Transfer the 2000+ byte DLL injection stage using the middle stager
4. Transfer the Meterpreter DLL using the DLL injection stager
5. Communicate over the port using the Meterpreter API/protocol
6. Use this protocol to load stdapi,priv,etc
In the 2-part stage above (shell), send the first part in the exploit,
and once the connection is established, send the second part, and you
have your shell. If you don't want a staged payload, generate
windows/shell_(reverse|bind)_tcp instead.
-HD
_______________________________________________
http://spool.metasploit.com/mailman/listinfo/framework
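As an added illustration of steps 1 and 2 above (this is example code written for this archive page, not Metasploit's own stager or handler code): the exploit delivers only the small reverse-connect stager, and the handler that accepts the callback is what pushes the real stage. The example assumes a stager that reads a 4-byte little-endian length and then that many bytes of stage (the convention Metasploit's Windows reverse_tcp stagers use, but the message itself says nothing about the wire format, so treat the framing as an assumption), runs both sides over a loopback port chosen at runtime, and uses a constructed stand-in for the stage bytes. For a plain shell stage this one exchange is the whole story; for Meterpreter the bytes sent here would be the middle stager, and the same read-length-then-body loop repeats for steps 3 and 4.

```ruby
require 'socket'

# Frame a stage for a length-prefixed stager: 4-byte little-endian length,
# then the stage body. Assumption for this example (see lead-in); the
# original message does not specify the framing.
def frame_stage(stage)
  [stage.bytesize].pack('V') + stage
end

# Read exactly n bytes, looping over partial reads. A stager that trusts a
# single recv() will corrupt the stage on a fragmented stream; readpartial
# raises EOFError if the handler goes away mid-stage.
def read_exact(sock, n)
  buf = ''.b
  buf << sock.readpartial(n - buf.bytesize) while buf.bytesize < n
  buf
end

# Stager side: what the shellcode sent in the exploit does once it has
# connected back. A real stager would VirtualAlloc RWX memory for the
# stage and jump to it; here we just return the bytes.
def stager_receive_stage(sock)
  len = read_exact(sock, 4).unpack1('V')
  read_exact(sock, len)
end

# Handler side: accept the stager's connection and send the second stage.
# truncate_at is only there to simulate a handler that dies mid-transfer.
def handler_serve_stage(server, stage, truncate_at: nil)
  conn = server.accept
  framed = frame_stage(stage)
  conn.write(truncate_at ? framed[0, truncate_at] : framed)
  conn.close
end

# Run the step-1/step-2 exchange over loopback: the "exploit" has already
# run, so the stager connects back; the handler answers with the stage.
# Returns the bytes the stager ended up with.
def simulate_staged_delivery(stage, truncate_at: nil)
  server = TCPServer.new('127.0.0.1', 0)   # port 0: pick a free port
  port = server.addr[1]
  handler = Thread.new { handler_serve_stage(server, stage, truncate_at: truncate_at) }
  sock = TCPSocket.new('127.0.0.1', port)
  stager_receive_stage(sock)
ensure
  sock&.close
  handler&.join
  server&.close
end

if __FILE__ == $0
  # Constructed stand-in for a ~2 KB second stage (not real shellcode).
  stage = ("\x90" * 2000).b + "\xcc".b
  got = simulate_staged_delivery(stage)
  puts "stager received #{got.bytesize} bytes, intact: #{got == stage}"
  begin
    simulate_staged_delivery(stage, truncate_at: 100)
  rescue EOFError => e
    puts "truncated transfer detected: #{e.message}"
  end
end
```

The point of read_exact is the part most hand-rolled handlers get wrong: the stage arrives in whatever segments the stack delivers, so both the handler and anyone reimplementing the stager have to loop until the advertised length is satisfied, and treat a short read at EOF as a failed delivery rather than jumping into a partial stage.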