Metasploit mailing list archives
Re: Help required to understand the Exploits Better
From: Sunil Kumar <badboy16a () gmail com>
Date: Tue, 6 Dec 2011 17:13:23 +0530
Some reading about the specific exploit you are using should give you a better understanding.

On Tue, Dec 6, 2011 at 5:05 PM, firstname lastname <psykosonik_frequenz () yahoo com> wrote:
I want to understand what exactly an exploit module is doing on the victim's machine in a better way. If I run a Metasploit exploit module against a Windows Target which triggers some vulnerability and exploits it to gain a reverse tcp shell for instance.

What I am trying to understand is, what does the memory map of the victim machine look like when the Application crashed.

As an example, to make it more clear what I want to know: I run a Browser Based exploit on Mozilla Firefox running on Victim's machine. This exploit crashes the browser on victim's machine and sends back a reverse tcp shell.

At the very point when the Browser Crashes on Victim's Machine, is it possible to take a look at the memory map to understand what the contents of the CPU Registers are, or to find out the shell code in memory?

I attached my debugger to the firefox.exe process before launching the exploit. When I ran the exploit, firefox crashed, and I also got the reverse tcp shell, but in Olly Debugger it showed no status info for the registers. That section went blank.

Can I find out the location of shellcode in memory and the value of EIP or things like that?

I believe, since the exploit has already occurred, I need to set a breakpoint somewhere else in the code to pause the execution before shellcode gets executed. Any clues how to go about it?

This is only for a better understanding of the Exploits.

Regards,
NeonFlash

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework

--
Your smile is the most precious thing that doesn't cost you. Keep smiling. :)
SunilKumar
http://in.linkedin.com/in/sunilkr86/