Metasploit mailing list archives
aggressive.rb
From: mmiller at hick.org (mmiller at hick.org)
Date: Wed, 17 Oct 2007 08:58:15 -0700
On Wed, Oct 17, 2007 at 10:38:54AM -0500, Samuel McIngvale wrote:
> I was wondering if there was an equivalent way to do this in ruby (execute the shellcode). That way, the entire vulnerable server could be something like (using metasploit functions):
>
> create_tcp_Server
> buf = sock.get()
> return into buf # somehow execute buf, which is just shellcode

It is possible to do this, but you would have to write some C code that you can call into from Ruby that would basically execute the string passed in as a parameter to a method call. We have some code like this that we use to test the encoders included in the framework. The thing to keep in mind here is that you would only be able to execute shellcode that is native to the operating system that you're running Ruby on. For instance, if you're using Metasploit on Windows, you'd only be able to run the Windows shellcode.