Metasploit mailing list archives

how to quit a shell gracefully?


From: hdm at metasploit.com (H D Moore)
Date: Tue, 12 May 2009 20:36:52 -0500

On Tue, 12 May 2009 19:36:40 -0500, Jun Koi <junkoi2004 at gmail.com> wrote:
> It seems that not all payloads support EXITFUNC, right? Could you tell
> a bit about why not all of them support that?

All Windows payloads support it; it's the API call to use once the  
shellcode completes. Even with a correctly set EXITFUNC, not all exploits  
allow a clean exit, just like not all vulnerabilities can be exploited  
more than once.

> And does that mean only payloads with "EXITFUNC" can safely quit the
> shell?

It depends on the process you are exploiting. If the process is a  
forked/worker process, then you can exit without causing any problems. If  
you are exploiting a thread within a busy process, like svchost.exe, then  
you need to use ExitThread to prevent the entire process from crashing.  
However, if you don't cleanly exit the command shell before killing the  
session, this causes the shellcode to crash and the EXITFUNC can't help.

Keep in mind that these exploits are already doing something extremely  
unsupported to start with - the fact that we can keep most of the target  
processes relatively stable after exploitation is an accomplishment in  
itself :-)
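
The thread-versus-process distinction described in the message above, as an added example that is not part of the original post or of Metasploit: a POSIX analogue in which returning from a pthread and calling `_exit()` stand in for ExitThread and ExitProcess, showing why code that finishes inside one thread of a shared process has to end only its own thread. All names in it are hypothetical.

```c
#include <pthread.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical names; pthreads and _exit() stand in for ExitThread/ExitProcess. */
enum exit_mode { EXIT_MODE_THREAD, EXIT_MODE_PROCESS };

#define HOST_SURVIVED 0  /* host's main thread reached its own normal exit */
#define HOST_KILLED  42  /* constructed marker: a worker ended the whole process */

/* Code that finishes inside one thread of a multi-threaded host. */
static void *borrowed_thread(void *arg)
{
    enum exit_mode mode = *(enum exit_mode *)arg;

    if (mode == EXIT_MODE_PROCESS)
        _exit(HOST_KILLED);  /* process-wide exit: every thread stops here */
    return NULL;             /* thread-only exit: the rest of the host keeps running */
}

/* Fork a disposable "host" process, run the worker in it, report how the host ended.
 * The fork also shows the worker-process case: the caller outlives either outcome. */
int run_host(enum exit_mode mode)
{
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0) {
        pthread_t t;
        if (pthread_create(&t, NULL, borrowed_thread, &mode) != 0)
            _exit(1);
        pthread_join(t, NULL);
        _exit(HOST_SURVIVED);  /* reached only when the worker ended just itself */
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    printf("thread-only exit  -> host status %d\n", run_host(EXIT_MODE_THREAD));
    printf("process-wide exit -> host status %d\n", run_host(EXIT_MODE_PROCESS));
    return 0;
}
```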





