Metasploit mailing list archives
Exploit writing payload idea
From: mrowley at esoft.com (mat)
Date: Fri, 17 Nov 2006 13:23:06 -0700
I have not written many... well, any exploits, but I have messed around and tested things like 'Smashing the Stack for Fun and Profit'. I was looking at the code for the Mac airmon wifi exploit (daringphucball.rb), and the payload was 0x0defaced a bunch of times.

From what I remember, one of the hardest parts of writing a buffer overflow was trying to figure out where to write the return address. When looking at a stack after a fault, and trying to figure out what return address to overwrite, if you have 0x0defaced, all you really know is that you overwrote the return address. What if you did some sort of counter payload, for example writing 0x000faced, 0x001faced, ..., 0xffffaced? Then when you view the stack, you will have an idea of where in the payload you will need to put a return address.

Anyways, I thought that this would be a cool payload generator for Metasploit. It seems like it wouldn't be very difficult to write. Tell me if this is something people actually use, or am I way off in my thinking. Just an epiphany I had, and wanted to share.

- --
\\ Mathew Rowley
\\ eSoft Inc.
\\ email: echo 'kpmujcw>cqmdr,amk'|perl -pe 's/(.)/chr(ord($1)+2)/ge;'
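The counting payload described in the post, as an added example written for this page (it is not code from the original post or from Metasploit). It assumes each 32-bit slot carries its slot number in the high 16 bits and a fixed 0xaced marker in the low 16 bits, and x86 little-endian byte order unless told otherwise; the lookup also handles a value that was read unaligned, straddling two slots.

```ruby
# Fixed marker in the low half-word of every slot (assumption, after the
# post's 0x...faced idea); the high half-word counts the slot.
MARKER = 0xaced

# Build `len` bytes of pattern. Endianness is an assumption: :little for
# x86, :big for a big-endian target. Each slot is (index << 16) | MARKER,
# so a slot stays unique only while index fits in 16 bits.
def counter_pattern(len, endian = :little)
  raise ArgumentError, 'pattern would repeat past 0xffff slots' if len > 0x10000 * 4
  fmt = endian == :little ? 'V' : 'N'
  words = (len / 4.0).ceil
  buf = (0...words).map { |i| [(i << 16) | MARKER].pack(fmt) }.join
  buf[0, len]   # trim a partial trailing slot
end

# Given the 32-bit value seen in the overwritten return slot (or the
# faulting register), recover its byte offset into the pattern. Searching
# for the packed bytes rather than decoding the slot number means an
# unaligned read that straddles two slots still resolves; nil means the
# value did not come from this pattern.
def pattern_offset(pattern, value, endian = :little)
  fmt = endian == :little ? 'V' : 'N'
  pattern.index([value & 0xffffffff].pack(fmt))
end

if __FILE__ == $0
  pat = counter_pattern(64)
  # Constructed sample: the crash report showed 0x0003aced in the return slot,
  # so the return address belongs 12 bytes into the payload.
  puts "offset of 0x0003aced: #{pattern_offset(pat, 0x0003aced)}"
  puts "offset of unaligned 0x01aced00: #{pattern_offset(pat, 0x01aced00)}"
end
```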
Current thread:
- Exploit writing payload idea mat (Nov 17)
- Exploit writing payload idea H D Moore (Nov 17)
- Exploit writing payload idea Hamid . K (Nov 17)
- Exploit writing payload idea Giorgio Casali (Nov 21)