Metasploit mailing list archives
msfpayload - Replacing Shell Code in Exploit
From: hdm at metasploit.com (H D Moore)
Date: Sat, 07 Feb 2009 18:14:24 -0600
On Sat, 2009-02-07 at 15:30 +0100, Florian Roth wrote:
Can anyone explain how to handle 2-stage shell code (meterpreter) or how to integrate it in the working exploit?
There is more to it than just sending the right bytes.

1. Send the stager (reverse|bind) in the exploit itself
2. Handle the connection to the stager, send a middle stager
3. Transfer the 2000+ byte DLL injection stage using the middle stager
4. Transfer the Meterpreter DLL using the DLL injection stager
5. Communicate over the port using the Meterpreter API/protocol
6. Use this protocol to load stdapi,priv,etc

In the 2-part stage above (shell), send the first part in the exploit, and once the connection is established, send the second part, and you have your shell. If you don't want a staged payload, generate windows/shell_(reverse|bind)_tcp instead.

-HD
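The staging sequence HD lists (steps 1 to 4) as an added model, not code from the thread or from Metasploit: both ends run over a local socket pair, the stage contents are constructed placeholder bytes that are never executed, and the 4-byte length-prefix framing is an assumption of this model rather than Metasploit's wire format.

```python
import socket
import struct

# Constructed placeholder stages. Real stages are machine code or a DLL;
# nothing here is executed, the point is the order and direction of the bytes.
MIDDLE_STAGER = b"MIDDLE-STAGER-PLACEHOLDER\x00" * 4
DLL_INJECT_STAGE = b"DLL-INJECT-STAGE-PLACEHOLDER\x00" * 80  # 2320 bytes, the "2000+ byte" stage
METERPRETER_DLL = b"METERPRETER-DLL-PLACEHOLDER\x00" * 100


def send_stage(sock, stage):
    """Handler side: push one stage as a 4-byte little-endian length, then the bytes.
    (Length-prefix framing is assumed for this model, not taken from Metasploit.)"""
    sock.sendall(struct.pack("<I", len(stage)) + stage)


def recv_exact(sock, n):
    """Read exactly n bytes or fail; a half-received stage must never be used."""
    buf = bytearray()
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed after %d of %d bytes" % (len(buf), n))
        buf += chunk
    return bytes(buf)


def recv_stage(sock):
    """Stager side: read one length-prefixed stage into memory."""
    (n,) = struct.unpack("<I", recv_exact(sock, 4))
    return recv_exact(sock, n)


def run_staged_handshake():
    """Model steps 1-4 of the list above and return the stages in the order the stager saw them."""
    handler, stager = socket.socketpair()  # step 1: the stager has connected back to the handler
    received = []
    try:
        # Step 2: the handler pushes the middle stager; the stager has sent nothing yet.
        send_stage(handler, MIDDLE_STAGER)
        received.append(recv_stage(stager))
        # Step 3: the middle stager pulls the larger DLL injection stage.
        send_stage(handler, DLL_INJECT_STAGE)
        received.append(recv_stage(stager))
        # Step 4: the DLL injection stage pulls the Meterpreter DLL itself.
        send_stage(handler, METERPRETER_DLL)
        received.append(recv_stage(stager))
    finally:
        handler.close()
        stager.close()
    return received
```

Steps 5 and 6 (the Meterpreter protocol and loading stdapi/priv) are not modelled. What a network sensor sees in this exchange is the asymmetry: right after the connect the handler end pushes kilobytes while the connecting end sends nothing.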
Current thread:
- msfpayload - Replacing Shell Code in Exploit Florian Roth (Feb 07)
- msfpayload - Replacing Shell Code in Exploit H D Moore (Feb 07)