Metasploit mailing list archives

Re: against EMET?


From: HD Moore <hdm () metasploit com>
Date: Wed, 01 Feb 2012 00:46:15 -0600

On 1/30/2012 9:34 PM, Jun Koi wrote:
> Hi,
>
> I am wondering how we are doing against EMET (running on Windows XP, for example)?
> Is it true that most (or even all?) exploits in Metasploit fail against EMET?
>
> If so, is there any plan to fix the problem?

The problem is a bit of cat-and-mouse: there are no plans now to rework
payloads and stagers to avoid it, but we may do so if it becomes the
default at some point. The previous EAF and other hook filters were easy
to bypass, but even between 2.0 and 2.1 changes were made to how the
hooks were done.

If you want to get started, the stager code is likely your best bet:
once it's been modified to do whatever is needed for EMET-$current, you
can use the rest of the payloads like normal (some stages have the
kernel32 lookup stub as well).

metasploit/external/source/shellcode/win32/(x86|x64)

-HD
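For readers who have not looked at the stager sources HD points to, the following is an added illustration, written for this archive page and not code from the post or from Metasploit, of what a "kernel32 lookup stub" does and why EAF is the filter that catches it. It walks a PE32 image from e_lfanew to the export directory and resolves an export by ror13 hash, the same table offsets (0x3C, 0x78, 0x18, 0x1C, 0x20, 0x24) the x86 block_api stager hard-codes. EMET's Export Address Table Access Filtering sets hardware breakpoints on the export tables of kernel32 and ntdll, so the reads in find_export_by_hash are exactly the accesses it traps. The image it runs against is a constructed stand-in (build_fake_kernel32) with invented RVAs, not a real DLL, and the hash here covers only the export name; the real stager also folds in a hash of the upper-cased UTF-16 module name, which is omitted because this example resolves within one image.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Little-endian field helpers so the walk below reads like the asm it models. */
static uint32_t rd32(const uint8_t *p, size_t off) { uint32_t v; memcpy(&v, p + off, 4); return v; }
static uint16_t rd16(const uint8_t *p, size_t off) { uint16_t v; memcpy(&v, p + off, 2); return v; }
static void wr32(uint8_t *p, size_t off, uint32_t v) { memcpy(p + off, &v, 4); }
static void wr16(uint8_t *p, size_t off, uint16_t v) { memcpy(p + off, &v, 2); }

/* ror13 accumulation over the bytes of an export name, terminating NUL included,
 * so the stub carries 4-byte hashes instead of strings. Module-name component
 * (upper-cased UTF-16, as in the real stager) is omitted in this example. */
uint32_t ror13_hash(const char *name)
{
    const unsigned char *s = (const unsigned char *)name;
    uint32_t h = 0;
    do {
        h = (h >> 13) | (h << 19);
        h += *s;
    } while (*s++);
    return h;
}

/* e_lfanew -> NT headers -> export directory -> AddressOfNames /
 * AddressOfNameOrdinals -> AddressOfFunctions. Returns the export's RVA or 0.
 * Every read of these tables is what EMET's EAF filter watches: it puts hardware
 * breakpoints on the export tables of kernel32 and ntdll, so this loop faults. */
uint32_t find_export_by_hash(const uint8_t *base, uint32_t want)
{
    uint32_t nt = rd32(base, 0x3C);
    uint32_t edir = rd32(base, nt + 0x78);          /* DataDirectory[EXPORT].VirtualAddress */
    if (edir == 0)
        return 0;
    uint32_t nnames = rd32(base, edir + 0x18);      /* NumberOfNames         */
    uint32_t funcs  = rd32(base, edir + 0x1C);      /* AddressOfFunctions    */
    uint32_t names  = rd32(base, edir + 0x20);      /* AddressOfNames        */
    uint32_t ords   = rd32(base, edir + 0x24);      /* AddressOfNameOrdinals */
    for (uint32_t i = 0; i < nnames; i++) {
        uint32_t name_rva = rd32(base, names + 4 * i);
        if (ror13_hash((const char *)base + name_rva) == want) {
            uint16_t ord = rd16(base, ords + 2 * i); /* unbiased index into AddressOfFunctions */
            return rd32(base, funcs + 4 * (uint32_t)ord);
        }
    }
    return 0;
}

uint32_t find_export_by_name(const uint8_t *b, const char *n) { return find_export_by_hash(b, ror13_hash(n)); }

/* Constructed stand-in for kernel32 (NOT a real DLL): just enough PE32 to carry
 * an export directory with three names. RVAs are invented; the ordinal table is
 * deliberately not the identity so the name -> ordinal -> function indirection shows. */
size_t build_fake_kernel32(uint8_t *img, size_t cap)
{
    const size_t need = 0x400;
    if (cap < need)
        return 0;
    memset(img, 0, need);
    img[0] = 'M'; img[1] = 'Z';
    wr32(img, 0x3C, 0x80);                          /* e_lfanew -> NT headers   */
    memcpy(img + 0x80, "PE\0\0", 4);
    wr32(img, 0x80 + 0x78, 0x200);                  /* export directory RVA     */
    wr32(img, 0x80 + 0x7C, 0x28);                   /* export directory size    */
    wr32(img, 0x200 + 0x0C, 0x340);                 /* Name -> "KERNEL32.dll"   */
    wr32(img, 0x200 + 0x10, 1);                     /* Base ordinal             */
    wr32(img, 0x200 + 0x14, 3);                     /* NumberOfFunctions        */
    wr32(img, 0x200 + 0x18, 3);                     /* NumberOfNames            */
    wr32(img, 0x200 + 0x1C, 0x240);                 /* AddressOfFunctions       */
    wr32(img, 0x200 + 0x20, 0x260);                 /* AddressOfNames           */
    wr32(img, 0x200 + 0x24, 0x280);                 /* AddressOfNameOrdinals    */
    wr32(img, 0x240, 0x1000);                       /* slot 0: LoadLibraryA     */
    wr32(img, 0x244, 0x1100);                       /* slot 1: VirtualAlloc     */
    wr32(img, 0x248, 0x1200);                       /* slot 2: GetProcAddress   */
    const char *names[3] = { "GetProcAddress", "LoadLibraryA", "VirtualAlloc" }; /* sorted, as a real EAT is */
    const uint16_t slot[3] = { 2, 0, 1 };
    uint32_t str = 0x300;
    for (int i = 0; i < 3; i++) {
        wr32(img, 0x260 + 4 * i, str);
        wr16(img, 0x280 + 2 * i, slot[i]);
        strcpy((char *)img + str, names[i]);
        str += (uint32_t)strlen(names[i]) + 1;
    }
    strcpy((char *)img + 0x340, "KERNEL32.dll");
    return need;
}

int main(void)
{
    uint8_t img[0x400];
    if (build_fake_kernel32(img, sizeof img) == 0)
        return 1;
    const char *want[] = { "LoadLibraryA", "GetProcAddress", "VirtualAlloc", "NotExported" };
    for (size_t i = 0; i < sizeof want / sizeof want[0]; i++)
        printf("%-16s hash=0x%08X rva=0x%X\n", want[i],
               (unsigned)ror13_hash(want[i]), (unsigned)find_export_by_name(img, want[i]));
    return 0;
}
```

The point of modelling it in C rather than reading the asm is to see how little the stub actually touches: four header reads plus one pass over AddressOfNames. That is also why the thread's answer is "rework the stager": anything that resolves imports through these tables, stager or stage, meets the same filter, and a bypass has to resolve kernel32 exports without reading them from the EAT in the watched way.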
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework
