Metasploit mailing list archives
Re: against EMET?
From: HD Moore <hdm () metasploit com>
Date: Wed, 01 Feb 2012 00:46:15 -0600
On 1/30/2012 9:34 PM, Jun Koi wrote:
> Hi, I am wondering how we are doing against EMET (running on Windows XP, for ex)? Is it true that most (or even all?) exploits in Metasploit fail against EMET? If so, is there any plan to fix the problem?
The problem is a bit of cat-and-mouse - no plans now to rework payloads and stagers to avoid it, but we may do so if it becomes default at some point. The previous EAF and other hook filters were easy to bypass, but even between 2.0 and 2.1 changes were made to how the hooks were done. If you want to get started, the stager code is likely your best bet - once it's been modified to do whatever is needed for EMET-$current, you can use the rest of the payloads like normal (some stages have the kernel32 lookup stub as well).

metasploit/external/source/shellcode/win32/(x86|x64)

-HD
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework