Re: Meterpreter don't exit

[Kevin Shaw <kevin.lee.shaw () gmail com>]

I'm getting that book and grey hat python tomorrow.. I expect autographs
too when I see y'all.
On Nov 8, 2011 8:53 PM, "HD Moore" <hdm () metasploit com> wrote:

> On 11/8/2011 7:49 PM, Kevin Shaw wrote:
> > Hey HD is there any documentation out there about the different exit
> > processes? Like thread vs. the others..
>
> I think its covered in the (ancient) user guide, also in Metasploit
> Unleashed, and the recent book by Kennedy and co.
>
> The three options are:
>
> process = call ExitProcess
> thread  = call ExitThread
> seh     = call *0x0 to trigger an exception
>
>
> You want to use process with multi/handler (unless you used -k /
> injection to create the EXE). You also want to use process with any
> exploit where a master process restarts it on exit.
>
> You want to use thread in most exploit scenarios where the exploited
> process runs the shellcode in a sub-thread and exiting this thread
> results in a working application/system (clean exit).
>
> You want to use seh when there is a structured exception handler (SEH)
> that will restart the thread or process automatically when an error
> occurs. This is useful in some corner cases.
>
>
> The thread option is default for the reasons above, but doesn't quite
> jive with what most folks expect when using this with EXEs and
> multi/handler. According the original poster in an offlist email, there
> may be a bug in the http(s) handler in meterpreter that is preventing
> the process from exiting properly, even when process is used.
>
> HTH,
>
>
> -HD
> _______________________________________________
> https://mail.metasploit.com/mailman/listinfo/framework
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework