Re: Help required to understand the Exploits Better

[Sunil Kumar <badboy16a () gmail com>]

I am not actually a hardcore exploit writer but I think putting a
breakpoint at vulnerable function should provide roght direction.

On Tue, Dec 6, 2011 at 5:30 PM, firstname lastname <
psykosonik_frequenz () yahoo com> wrote:

> I understand that. Theoretically going through the exploit definition and
> what exactly it does is different from trying to see how exactly the memory
> layout is crafted and how the shellcode is placed to be executed.
>
> This is the reason, I asked if there's a way to set a breakpoint somewhere
> to see the Registers/Stack/Memory Contents at the time of launching the
> exploit.
>
>   ------------------------------
> *From:* Sunil Kumar <badboy16a () gmail com>
> *To:* firstname lastname <psykosonik_frequenz () yahoo com>
> *Cc:* "framework () spool metasploit com" <framework () spool metasploit com>
> *Sent:* Tuesday, December 6, 2011 5:13 PM
> *Subject:* Re: [framework] Help required to understand the Exploits Better
>
> Some reading about the specific exploit you are using should give you
> better understanding.
>
> On Tue, Dec 6, 2011 at 5:05 PM, firstname lastname <
> psykosonik_frequenz () yahoo com> wrote:
>
> I want to understand what exactly an exploit module is doing on the
> victim's machine in a better way. If I run a metasploit exploit module
> against a Windows Target which triggers some vulnerability and exploits it
> to gain a reverse tcp shell for instance.
>
> What I am trying to understand is, how does the memory map of the victim
> machine look like when the Application crashed. As an example to make it
> more clear what I want to know is:
>
> I run a Browser Based exploit on Mozilla Firefox running on Victim's
> machine. This exploit crashes the browser on victim's machine and sends
> back a reverse tcp shell. At the very point, when the Browser Crashes on
> Victim's Machine, is it possible to take a look at the memory map to
> understand, what are the contents of the CPU Registers or to find out the
> shell code in memory?
>
> I attached my debugger to firefox.exe process before launching the
> exploit. When I ran the exploit, firefox crashed, I also got the reverse
> tcp shell but in Olly Debugger, it showed no status info for the registers.
> That section went blank.
>
> Can I find out the location of shellcode in memory and the value of EIP or
> things like that? I believe, since the exploit has already occurred, I need
> to set a breakpoint somewhere else in the code to pause the execution
> before shellcode gets executed. Any clues, how to go about it?
>
> This is only for a better understanding of the Exploits.
>
> Regards,
> NeonFlash
>
> _______________________________________________
> https://mail.metasploit.com/mailman/listinfo/framework
>
>
>
>
> --
> Your smile is the most precious thing that doesn't cost you. Keep smiling.
> :)
> ===============
>      SunilKumar
> ------------------------------
> http://in.linkedin.com/in/sunilkr86/
> ===============


-- 
Your smile is the most precious thing that doesn't cost you. Keep smiling.
:)
===============
     SunilKumar
------------------------------
http://in.linkedin.com/in/sunilkr86/
===============

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework