Metasploit mailing list archives
How Secure is Windows Hardware-enforced Data Execution Prevention [was ani_loadimage_chunksize problem]
From: rhyskidd at gmail.com (Rhys Kidd)
Date: Thu, 25 Oct 2007 21:28:32 +0800
Oh, Metasploit has already provided exploits that will reliably bypass Windows NX/DEP: http://metasploit.com/dev/trac/browser/framework3/trunk/modules/exploits/windows/dcerpc/msdns_zonename.rb

The issue, as I discussed it with HD previously, is that there is no widespread way of doing this by making changes to the payloads. In the above case it was done within the exploit module, first ensuring NX/DEP was disabled in the target vulnerable process, and then passing to the chosen payload.

Keep in mind that NX/DEP isn't the only built-in protection against remote code execution in modern Windows. There are also stack canaries, ASLR, heap protection etc., which may or may not be enabled depending on the particular process, CPU and OS release. The type of vulnerability itself is also relevant. Certain vulnerable API calls will be easier/harder to use when the target may be using these mitigating protections.

But if you have suggestions for a more generically applicable method, please discuss!

Rhys
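The post's point that DEP, ASLR and the other mitigations are enabled per process rather than globally is something a defender can audit directly on current Windows. The following is an added example, not code from the thread or from Metasploit: it assumes Windows 10 1709 / Server 2019 or later, where the Get-ProcessMitigation cmdlet (ProcessMitigations module, Windows Defender Exploit Guard) exists, and that its output exposes the Dep.Enable, Aslr.BottomUp, Aslr.ForceRelocateImages and Aslr.HighEntropy properties; the function names and the sample executable names are this example's own.

```powershell
# Added example (not from the original thread): report which exploit mitigations
# apply to a given executable, resolving per-image NOTSET values against the
# system-wide defaults, so that images left without DEP stand out.
# Assumptions: Get-ProcessMitigation (Windows 10 1709+/Server 2019+) and the
# property names Dep.Enable, Aslr.BottomUp, Aslr.ForceRelocateImages and
# Aslr.HighEntropy as printed by that cmdlet.

function Get-MitigationSummary {
    param(
        [Parameter(Mandatory = $true)]
        [string]$ExecutableName      # image name, e.g. 'notepad.exe'
    )

    $image  = Get-ProcessMitigation -Name $ExecutableName   # per-image policy
    $system = Get-ProcessMitigation -System                 # system-wide default

    # A per-image value of NOTSET means the system default is what actually applies.
    function Resolve-Setting([string]$PerImage, [string]$SystemWide) {
        if ($PerImage -eq 'NOTSET') { return $SystemWide }
        return $PerImage
    }

    [pscustomobject]@{
        Executable         = $ExecutableName
        DEP                = Resolve-Setting $image.Dep.Enable             $system.Dep.Enable
        ASLR_BottomUp      = Resolve-Setting $image.Aslr.BottomUp          $system.Aslr.BottomUp
        ASLR_ForceRelocate = Resolve-Setting $image.Aslr.ForceRelocateImages $system.Aslr.ForceRelocateImages
        ASLR_HighEntropy   = Resolve-Setting $image.Aslr.HighEntropy       $system.Aslr.HighEntropy
    }
}

# Summarise a list of images and warn about any that would run with DEP off.
function Find-DepExemptImages {
    param([string[]]$ExecutableNames)
    foreach ($name in $ExecutableNames) {
        $summary = Get-MitigationSummary -ExecutableName $name
        if ($summary.DEP -ne 'ON') {
            Write-Warning "$name would run with DEP = '$($summary.DEP)'"
        }
        $summary
    }
}

# Usage (sample image names are constructed for this example):
# Find-DepExemptImages -ExecutableNames 'notepad.exe', 'some-service.exe' | Format-Table -AutoSize
```

On a build where the per-image entries are all NOTSET, the DEP column simply reflects the system policy; an explicit OFF for a network-facing service is the case worth following up, because it is exactly the condition the post describes an exploit arranging before it hands control to the payload.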
Current thread:
- ani_loadimage_chunksize problem Thomas Werth (Oct 24)
- ani_loadimage_chunksize problem H D Moore (Oct 24)
- ani_loadimage_chunksize problem Thomas Werth (Oct 24)
- How Secure is Windows Hardware-enforced Data Execution Prevention [was ani_loadimage_chunksize problem] Thomas Werth (Oct 25)
- How Secure is Windows Hardware-enforced Data Execution Prevention [was ani_loadimage_chunksize problem] Rhys Kidd (Oct 25)
- How Secure is Windows Hardware-enforced Data Execution Prevention [was ani_loadimage_chunksize problem] Thomas Werth (Oct 29)
- How Secure is Windows Hardware-enforced Data Execution Prevention [was ani_loadimage_chunksize problem] Rhys Kidd (Oct 29)
- ani_loadimage_chunksize problem Thomas Werth (Oct 24)
- How Secure is Windows Hardware-enforced Data Execution Prevention [was ani_loadimage_chunksize problem] Pusscat (Oct 25)
- How Secure is Windows Hardware-enforced Data Execution Prevention [was ani_loadimage_chunksize problem] Thomas Werth (Oct 25)
- ani_loadimage_chunksize problem H D Moore (Oct 24)