Metasploit mailing list archives
Egghunter
From: tkrpata at bjs.com (Krpata, Tyler)
Date: Mon, 18 Dec 2006 15:17:10 -0500
Hi all,

Hope I'm not spamming the list too much with questions... I'm trying to figure out how to properly use the Egghunter class. It looks like generate_egghunter returns 2 items, the "tag" used to identify the actual payload, and the code that does the hunting. As far as I can tell, the steps are:

1. prepend the tag to my encoded payload
2. send the tag+encoded payload to target's memory
3. send the egghunter code to be executed
4. egghunter code searches process address space for tag
5. if found, encoded payload is executed

I think I must be missing something, because the egghunter code seems to be entering an infinite loop where it never finds the tag or payload, even though I can verify that both are in memory. Any suggestions?

Thanks,
Tyler
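The search loop the post describes is worth modelling, because the symptom (a hunter that spins forever even though the tag is in memory) follows from how the classic x86 egghunter stub matches its marker: it performs two consecutive 4-byte compares, so the 4-byte tag must appear twice back-to-back directly in front of the payload, and a single copy of the tag is never matched. The Ruby below is an added teaching model written for this archive page, not code from Metasploit's Egghunter class or from the poster; it assumes 4 KiB pages, a sparse address space represented as a Hash of page base to page bytes (absent pages are "unreadable" and skipped, as the real stub does via its probing system call), and a constructed tag "w00t" and payload bytes.

```ruby
# Educational simulation of the page-walking search performed by an x86
# egghunter stub. Added illustration only; not Rex/Msf code.
PAGE_SIZE = 0x1000

# Build a constructed, sparse address space: a Hash of page_base => bytes.
# Pages missing from the Hash stand for memory that is not readable.
def build_memory(payload_page_base, marker)
  mem = {}
  mem[0x0040_0000] = ("A" * PAGE_SIZE).b            # unrelated readable page
  # 0x0040_1000 .. 0x0040_3000 are deliberately absent (unreadable pages)
  page = ("\x90" * 0x200).b + marker.b + ("\xcc" * 16).b  # marker, then fake payload bytes
  mem[payload_page_base] = page.ljust(PAGE_SIZE, "\x00").b
  mem
end

# Walk the address space like the stub does: skip whole pages that are not
# readable, otherwise compare tag+tag (two 4-byte compares) at every byte
# offset. Returns the address just past the doubled tag (where the stub
# would transfer control), or nil when the stub would loop forever because
# no 8-byte match exists anywhere below `limit`.
def hunt(mem, tag, start = 0, limit = 0x0080_0000)
  needle = (tag * 2).b
  addr = start
  while addr < limit
    base = addr & ~(PAGE_SIZE - 1)
    page = mem[base]
    if page.nil?
      addr = base + PAGE_SIZE        # "or dx,0x0fff ; inc edx": next page
      next
    end
    off = addr - base
    return addr + 8 if page.byteslice(off, 8) == needle   # scasd ; scasd
    addr += 1                                             # inc edx
  end
  nil
end

if __FILE__ == $0
  tag = "w00t".b                      # constructed 4-byte tag
  single  = build_memory(0x0040_4000, tag)       # what the post describes
  doubled = build_memory(0x0040_4000, tag * 2)   # tag prepended twice
  puts "single tag  -> #{hunt(single, tag).inspect}"   # nil: never found
  puts "doubled tag -> 0x#{hunt(doubled, tag).to_s(16)}"
end
```

Running it shows the two outcomes side by side: with the tag placed once, hunt returns nil, which in the real stub is the infinite loop; with the tag placed twice, the search lands at the first payload byte after the 8-byte marker. Unreadable pages are stepped over in one move rather than byte by byte, which is also why the stub can walk a large address space without faulting.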