Metasploit mailing list archives
Question on SEH, PROCESS, THREAD and integrating custom C Code
From: jeffs at speakeasy.net (jeffs)
Date: Wed, 06 Aug 2008 21:45:11 -0400
Thank you, Egypt. Your information is most useful. Where could I find information on the various variables for the msfencode feature? Doing ./msfencode -h provides no information. I am having a bit of difficulty using the msfencode feature and thought knowing the variables and settings would help, but I cannot find them. Before I ask here on the list I thought it would be a good idea to at least play with it and see how far along I get in what I'm doing. Also, some good examples might shed some light.

Thanks, and much appreciated.

egypt at metasploit.com wrote:

> Jeffs,
>
> Sorry for the late reply, but here goes:
>
> 1) SEH, Process and Thread are exit methods. When the payload has completed (for instance when you type exit in a meterpreter shell), it must exit somehow. SEH means the payload will trigger an exception and let the exception handler deal with it, Process means the payload calls ExitProcess(), and Thread means it calls ExitThread().
>
> 2) The best way to integrate custom C code would be to create a payload for it similar to how meterpreter is set up.
>
> 3) Adding a loop and sleep feature to existing payloads would increase their size considerably. We probably won't do this for the main payloads. It might be something to consider for creating additional payloads.
>
> Hope I answered your questions,
> egypt
>
> On Mon, Jul 28, 2008 at 6:57 PM, jeffs <jeffs at speakeasy.net> wrote:
>
>> First, thanks for the great program. I've been fiddling with it for months and finally, after reading Mark Baggett's document on using Metasploit and AV products, it has all come together. Here is a link to his fine document for those who are interested: http://www.giac.org/certified_professionals/practicals/GCIH/01072.php
>>
>> Yet, I have some lingering questions that maybe an enlightened soul might be able to answer for me.
>>
>> 1) I'm confused about the seh, process and thread options and what one can do with them.
>>
>> 2) I have some "c" code that I would like to integrate into the directories so I can use it as a payload. The nice thing about this exploit is that you can set time intervals for it to "phone home" and it connects using encrypted channels. I'd like to be able to upload it via meterpreter. How does one go about taking "c" code and turning it into an exploit or module that can be used via the meterpreter?
>>
>> 3) I noticed that if I use some of the msfpayloads such as meterpreter/bind_tcp, the victim's machine will display an error message if, upon execution of the binary on the victim's machine, there is no attacking machine waiting to receive its query. Is there some way to modify the behavior of the payloads so it repeatedly queries an IP to connect with, or somehow make the process repeat without dying after one attempt?
>>
>> 4) I'll think of another question soon enough, but thanks for any help.