Metasploit mailing list archives
extra code added to exploit and payload
From: hybryd17 at gmail.com (Chris Smith)
Date: Tue, 28 Jul 2009 15:03:28 -0400
I'm trying to understand the code added by Metasploit in addition to the exploit and payload. For a given exploit and payload, Metasploit seems to add code above and beyond what can be seen in the exploit and payload modules, even when there is no encoding.

For example, I modified the exploit msvidctl_mpeg2.rb to operate with no encoder by commenting out the BadChars line. The exploit and payload still work, but there is still a long sequence of shellcode preceding the payload bytes (which come from windows/shell_bind_tcp.rb). Where does this extra code come from and what does it do? It seems necessary, since when I patch the nop sled in the heap spray to jump over this extra code and go directly to the payload, I don't get my command shell.

Thanks,
Chris
Current thread:
- extra code added to exploit and payload Chris Smith (Jul 28)
- extra code added to exploit and payload HD Moore (Jul 28)