Metasploit mailing list archives

Re: Help required to understand the Exploits Better


From: firstname lastname <psykosonik_frequenz () yahoo com>
Date: Tue, 6 Dec 2011 04:00:02 -0800 (PST)

I understand that. Theoretically going through the exploit definition and what exactly it does is different from trying 
to see how exactly the memory layout is crafted and how the shellcode is placed to be executed.

This is the reason I asked if there's a way to set a breakpoint somewhere to see the registers/stack/memory contents 
at the time of launching the exploit.



________________________________
 From: Sunil Kumar <badboy16a () gmail com>
To: firstname lastname <psykosonik_frequenz () yahoo com> 
Cc: "framework () spool metasploit com" <framework () spool metasploit com> 
Sent: Tuesday, December 6, 2011 5:13 PM
Subject: Re: [framework] Help required to understand the Exploits Better
 

Some reading about the specific exploit you are using should give you better understanding.


On Tue, Dec 6, 2011 at 5:05 PM, firstname lastname <psykosonik_frequenz () yahoo com> wrote:

I want to understand in a better way what exactly an exploit module is doing on the victim's machine, for instance if I run a 
Metasploit exploit module against a Windows target which triggers some vulnerability and exploits it to gain a reverse 
TCP shell.


What I am trying to understand is what the memory map of the victim machine looks like when the application 
crashed. As an example, to make it clearer what I want to know:


I run a browser-based exploit on Mozilla Firefox running on the victim's machine. This exploit crashes the browser on the 
victim's machine and sends back a reverse TCP shell. At the very point when the browser crashes on the victim's machine, 
is it possible to take a look at the memory map to understand what the contents of the CPU registers are, or to find 
out where the shellcode is in memory?


I attached my debugger to the firefox.exe process before launching the exploit. When I ran the exploit, Firefox crashed and I 
also got the reverse TCP shell, but in OllyDbg it showed no status info for the registers. That section went 
blank.


Can I find out the location of the shellcode in memory and the value of EIP, or things like that? I believe that, since the 
exploit has already occurred, I need to set a breakpoint somewhere else in the code to pause the execution before the 
shellcode gets executed. Any clues on how to go about it?


This is only for a better understanding of the Exploits.


Regards,
NeonFlash

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework




-- 
Your smile is the most precious thing that doesn't cost you. Keep smiling. :)
===============
     SunilKumar
------------------------------
http://in.linkedin.com/in/sunilkr86/
===============