Metasploit mailing list archives
extra code added to exploit and payload
From: hdm at metasploit.com (HD Moore)
Date: Tue, 28 Jul 2009 15:00:26 -0500
On Tue, 28 Jul 2009 14:03:28 -0500, Chris Smith <hybryd17 at gmail.com> wrote:
For example, I modified the exploit msvidctl_mpeg2.rb to operate with no encoder by commenting out the BadChars line. The exploit and payload still work, but there is still a long sequence of shellcode preceding the payload bytes (which come from windows/shell_bind_tcp.rb). Where does this extra code come from and what does it do? It seems necessary, since when I patch the nop sled in the heap spray to jump over this extra code and go directly to the payload, I don't get my command shell.
This is the nop sled created by the Payload => Space option; the encoded payload is padded out to match this value. It looks like shellcode since it's a very random nop generator. You can disable this by adding 'DisableNops' => true to the payload section. -HD
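To make the layout HD describes concrete, here is an added, illustrative Ruby model (not Metasploit's own code): the encoded payload sits at the end of the buffer and the room in front of it, up to Space, is filled with a randomized sled unless DisableNops is set. The sled byte set, the BadChars handling and the sample payload bytes are constructed for this example; Metasploit's real NOP generator is far richer.

```ruby
# Illustrative model of how an exploit's 'Space' option is filled.
# Not Metasploit's implementation; it only reproduces the buffer layout
# (random nop sled, then encoded payload, total == Space) so the "extra
# code" seen before the payload can be accounted for when debugging.

# Constructed subset of single-byte x86 instructions that touch only flags
# (nop, cmc, clc, stc, cld), so they are harmless to slide through.
SLED_CANDIDATES = [0x90, 0xF5, 0xF8, 0xF9, 0xFC].freeze

# Returns the buffer an exploit would hand to its trigger:
#   [ sled (space - payload length bytes) ][ encoded payload ]
# With disable_nops: true, only the payload is returned (no sled).
def build_buffer(encoded_payload, space:, bad_chars: "".b, disable_nops: false)
  payload = encoded_payload.b
  if payload.bytesize > space
    raise ArgumentError, "payload (#{payload.bytesize}) exceeds Space (#{space})"
  end
  return payload if disable_nops

  # The sled must respect BadChars just like the encoded payload does.
  forbidden = bad_chars.b.bytes
  allowed = SLED_CANDIDATES.reject { |b| forbidden.include?(b) }
  raise ArgumentError, "no sled bytes survive BadChars" if allowed.empty?

  sled_len = space - payload.bytesize
  sled = Array.new(sled_len) { allowed.sample }.pack("C*")
  sled + payload
end

# Where the payload actually starts inside the buffer; the number a
# debugger's "jump over the extra code" patch would need to use.
def describe_layout(buffer, payload_len)
  sled_len = buffer.bytesize - payload_len
  { sled_bytes: sled_len, payload_offset: sled_len, total: buffer.bytesize }
end

if __FILE__ == $0
  sample = "\xfc\xe8\x82\x00\x00\x00".b # constructed stand-in for an encoded payload
  buf = build_buffer(sample, space: 32, bad_chars: "\x00".b)
  p describe_layout(buf, sample.bytesize)
  p build_buffer(sample, space: 32, disable_nops: true).bytesize
end
```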