Metasploit: Life was not this easy
Everyone knows about how great HDM’s Metasploit really is. I recently came across an interesting feature on the website called the Metasploit Opcode DB that allows people to not only search for instructions from Windows system DLLs but also check for their compatibility across different flavors of Windows.
The need for such instructions arises when you are writing your shellcode and are able to place your return address on the top of the stack but need a jump location that does the “popping” for you. Another situation where this is useful is when the address you want to jump to changes every time but is held in some register (EAX, EBX, etc.) at the injection point.
All you do is select the kind of instruction you want from the drop-down menu, and the Opcode DB searches for matching instructions for IA-32 (Intel Architecture 32-bit). You can also choose the DLLs that should be searched, such as kernel32.dll, ntdll.dll, user32.dll, etc., which is handy because you can restrict the search to the DLLs loaded by the program being attacked. And here comes the coolest part: you get to choose the compatibility with different flavors of Windows. So you don’t have to worry about portability, because you know which exploit will work on which OS. The end result of the exercise is a list of addresses for the instruction categories you want, each with its compatibility information.
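To make concrete what the Opcode DB is searching for, here is an added example (not code from the original post or from Metasploit): it scans raw IA-32 code bytes for the `jmp reg`, `call reg` and `pop/pop/ret` encodings and then lists, per address, which OS flavors contain the same instruction, which is the compatibility check described above. The module images, OS names and base address are constructed placeholders, not real DLL contents.

```python
import re

# Registers in encoding order: the low 3 bits of the opcode/ModRM byte select one of these.
REGS = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]

# IA-32 encodings for the instruction categories the Opcode DB lets you pick:
#   FF E0..E7 = jmp r32, FF D0..D7 = call r32 (the ModRM reg field picks the register),
#   58..5F    = pop r32, C3 = ret, so two pops followed by ret is the "pop/pop/ret" case.
PATTERN = re.compile(rb"\xff[\xd0-\xd7\xe0-\xe7]|[\x58-\x5f]{2}\xc3")


def decode(seq: bytes) -> str:
    """Turn a matched byte sequence into its mnemonic."""
    if seq[0] == 0xFF:
        kind = "jmp" if seq[1] >= 0xE0 else "call"
        return f"{kind} {REGS[seq[1] & 7]}"
    return f"pop {REGS[seq[0] - 0x58]} / pop {REGS[seq[1] - 0x58]} / ret"


def find_opcodes(image: bytes, base: int) -> dict[int, str]:
    """Map virtual address -> mnemonic for every match in a module's code bytes."""
    return {base + m.start(): decode(m.group(0)) for m in PATTERN.finditer(image)}


def compatibility(images: dict[str, tuple[bytes, int]]) -> dict[tuple[int, str], list[str]]:
    """Group hits by (address, mnemonic) and list the OS flavors each one appears in.

    An entry present under every flavor is a portable address in the sense of the post;
    one present under a single flavor only works there."""
    table: dict[tuple[int, str], list[str]] = {}
    for os_name, (image, base) in images.items():
        for addr, mnem in find_opcodes(image, base).items():
            table.setdefault((addr, mnem), []).append(os_name)
    return table


# Constructed stand-ins for the code section of one DLL as shipped on two OS flavors
# (hypothetical names, placeholder base 0x10000000); these are not real DLL contents.
SAMPLE_IMAGES = {
    "Flavor A": (b"\x90\x90\xff\xe4\x90\x58\x5d\xc3\x90\xff\xd0", 0x10000000),
    "Flavor B": (b"\x90\x90\xff\xe4\x90\x58\x5d\xc3\x90\x90\x90", 0x10000000),
}

if __name__ == "__main__":
    for (addr, mnem), oses in sorted(compatibility(SAMPLE_IMAGES).items()):
        print(f"{addr:#010x}  {mnem:<28} {', '.join(oses)}")
```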