Metasploit mailing list archives

Egghunter


From: tkrpata at bjs.com (Krpata, Tyler)
Date: Mon, 18 Dec 2006 15:17:10 -0500

Hi all,

Hope I'm not spamming the list too much with questions... I'm trying to
figure out how to properly use the Egghunter class. It looks like
generate_egghunter returns 2 items, the "tag" used to identify the
actual payload, and the code that does the hunting. As far as I can
tell, the steps are: 
1. prepend the tag to my encoded payload
2. send the tag+encoded payload to target's memory
3. send the egghunter code to be executed 
4. egghunter code searches process address space for tag
5. if found, encoded payload is executed

I think I must be missing something, because the egghunter code seems to
be entering an infinite loop where it never finds the tag or payload,
even though I can verify that both are in memory.

Any suggestions?

Thanks,
Tyler
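The five steps in the message above describe a search loop, and the failure mode in the message (a hunter that keeps scanning without ever finding its egg) is easier to reason about with a model of that loop. The following Python simulation is an added example, not code from the original post and not Metasploit's Egghunter class; the page layout, the tag `w00t`, the fake "hunter" bytes and the placeholder payload are all constructed for the illustration. It assumes one property of the egghunter technique that the message does not state: because the hunter code itself must embed the 4-byte tag it compares against, egghunters (Metasploit's included) store the tag twice in front of the payload and search for the 8-byte doubled form, so the hunter does not match its own code. Whether that is the cause of the loop described above is not something the message says; the single-tag run here only shows the pitfall.

```python
# Added simulation of the egghunter search loop sketched in the message above.
# Nothing here is Metasploit code; the tag, the page layout and the "hunter"
# bytes are constructed for the example.

PAGE_SIZE = 0x1000


class ToyMemory:
    """A flat address space made of mapped pages; any other page is unmapped."""

    def __init__(self, pages):
        # pages: dict of page number -> bytes (each exactly PAGE_SIZE long)
        self.pages = pages

    def read(self, addr, n):
        """Read n bytes; raise MemoryError if any byte lies in an unmapped page."""
        out = bytearray()
        for a in range(addr, addr + n):
            page, off = divmod(a, PAGE_SIZE)
            if page not in self.pages:
                raise MemoryError(f"unmapped address {a:#x}")
            out.append(self.pages[page][off])
        return bytes(out)


def hunt(mem, tag, top, doubled=True):
    """Scan from address 0 up to `top` for the egg.

    Returns the address of the first byte after the egg (where the payload
    starts), or None if no egg is found before `top`.  A real hunter has no
    `top` and never returns: it keeps scanning, which is what an "infinite
    loop" looks like when the egg is not where the hunter expects it.
    """
    egg = tag * 2 if doubled else tag
    addr = 0
    while addr < top:
        try:
            window = mem.read(addr, len(egg))
        except MemoryError:
            # Like the access-check syscall in a real hunter: the page is not
            # readable, so skip to the start of the next page.
            addr = (addr // PAGE_SIZE + 1) * PAGE_SIZE
            continue
        if window == egg:
            return addr + len(egg)
        addr += 1
    return None


def build_memory(tag, payload, hunter_page=1, egg_page=3):
    """Lay out a constructed address space and return (memory, payload_addr).

    The hunter's own code necessarily embeds the 4-byte tag it compares
    against, so page `hunter_page` holds a fake hunter containing the tag
    once.  The egg (tag twice, then the payload) lives in page `egg_page`.
    Page 2 is deliberately left unmapped.
    """
    fake_hunter = b"\x90" * 16 + tag + b"\x90" * 16   # tag appears once, as in real hunter code
    hunter_bytes = fake_hunter.ljust(PAGE_SIZE, b"\x00")
    egg_bytes = (tag * 2 + payload).ljust(PAGE_SIZE, b"\x00")
    pages = {0: b"\x00" * PAGE_SIZE, hunter_page: hunter_bytes, egg_page: egg_bytes}
    payload_addr = egg_page * PAGE_SIZE + 2 * len(tag)
    return ToyMemory(pages), payload_addr


def demo():
    """Run both searches over the constructed layout; returns (single, double, expected)."""
    tag = b"w00t"                      # constructed tag, same length as a real 4-byte one
    payload = b"\xcc" * 8              # constructed stand-in for the encoded payload
    mem, expected = build_memory(tag, payload)
    top = 4 * PAGE_SIZE

    # Looking for the tag only once hits the hunter's own copy of the tag first.
    single = hunt(mem, tag, top, doubled=False)
    # Looking for the doubled tag skips the hunter and lands on the real payload.
    double = hunt(mem, tag, top, doubled=True)
    return single, double, expected


if __name__ == "__main__":
    single, double, expected = demo()
    print(f"single-tag hit: {single:#x} (inside the hunter page, a false match)")
    print(f"double-tag hit: {double:#x}, payload expected at {expected:#x}")
```

Running it shows the single-tag search stopping inside the hunter's own page while the doubled-tag search walks past the unmapped page and stops exactly at the payload; the `None` return stands in for the real hunter's endless scan when no egg is present at all.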



