Metasploit mailing list archives

extra code added to exploit and payload


From: hdm at metasploit.com (HD Moore)
Date: Tue, 28 Jul 2009 15:00:26 -0500

On Tue, 28 Jul 2009 14:03:28 -0500, Chris Smith <hybryd17 at gmail.com> wrote:

> For example, I modified the exploit msvidctl_mpeg2.rb to operate with no
> encoder by commenting out the BadChars line. The exploit and payload
> still work, but there is still a long sequence of shellcode preceding
> the payload bytes (which come from windows/shell_bind_tcp.rb). Where
> does this extra code come from and what does it do? It seems necessary,
> since when I patch the nop sled in the heap spray to jump over this
> extra code and go directly to the payload, I don't get my command shell.


This is the nop sled created by the Payload=>Space option. The encoded
payload is padded out to match this value; it looks like shellcode since
it's a very random nop generator. You can disable this by adding
'DisableNops' => true to the payload section.

-HD
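The padding HD describes, modelled as an added example (this is not Metasploit's own EncodedPayload code, and the NOP-equivalent table below is a hypothetical selection of single-byte x86 instructions, not the framework's opty2 generator). The hash keys 'Space' and 'DisableNops' mirror the exploit's Payload section; everything else is assumed for illustration. It assumes, as a bind shell does, that the payload does not depend on incoming register or flag state, because most single-byte NOP-equivalents clobber one or the other:

```ruby
# Added example, not Metasploit code: how an encoded payload is padded out
# to the exploit's Payload 'Space' value with a sled of random single-byte
# x86 NOP-equivalents, and what 'DisableNops' => true changes.

# Hypothetical table of single-byte x86 instructions usable as NOPs.
# Most clobber a register or flags (assumption: the payload tolerates that).
SINGLE_BYTE_NOPS = [
  0x90,                    # nop
  *(0x40..0x4f),           # inc/dec r32 (clobbers the register and flags)
  0x98,                    # cwde (clobbers eax)
  0x9f,                    # lahf (clobbers ah)
  0xf5, 0xf8, 0xf9, 0xfc,  # cmc, clc, stc, cld (flags only)
].freeze

# Build a sled of `len` bytes by picking NOP-equivalents at random; the
# result looks like arbitrary shellcode rather than a run of 0x90.
def random_nop_sled(len, rng = Random.new)
  Array.new(len) { SINGLE_BYTE_NOPS[rng.rand(SINGLE_BYTE_NOPS.size)] }.pack('C*')
end

# Mimic payload generation: (sled if enabled) + encoded payload.
# opts is the exploit's Payload hash; 'Space' is the room the exploit
# offers, 'DisableNops' suppresses the padding entirely.
def generate_encoded_payload(payload, opts, rng = Random.new)
  space = opts['Space']
  payload = payload.b
  if space && payload.bytesize > space
    raise ArgumentError, "payload (#{payload.bytesize} bytes) exceeds Space (#{space})"
  end
  sled = ''.b
  sled = random_nop_sled(space - payload.bytesize, rng) if space && !opts['DisableNops']
  { sled: sled, encoded: sled + payload }
end

# Offset at which the real payload begins inside the generated buffer,
# i.e. how many bytes a jump from the heap spray would have to skip.
def payload_offset(result)
  result[:sled].bytesize
end

if __FILE__ == $0
  payload = "\xcc".b * 10                     # constructed stand-in for shell_bind_tcp
  padded = generate_encoded_payload(payload, { 'Space' => 64 }, Random.new(1))
  printf("padded: %d bytes, payload starts at offset %d\n",
         padded[:encoded].bytesize, payload_offset(padded))
  bare = generate_encoded_payload(payload, { 'Space' => 64, 'DisableNops' => true })
  printf("with DisableNops: %d bytes, payload starts at offset %d\n",
         bare[:encoded].bytesize, payload_offset(bare))
end
```

With 'Space' => 64 and a 10-byte payload the sled is 54 bytes, so the payload sits at offset 54; with 'DisableNops' => true the buffer is just the 10 payload bytes and there is nothing to skip. A payload larger than Space is rejected rather than truncated.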

