[framework] Exploit writing payload idea

Hamid . K elite_netbios at yahoo.com
Fri Nov 17 14:39:35 CST 2006


I guess this has been available since early versions of
MSF through its pattern generator, and you can
calculate the right address/pad length.
Check /sdk of MSF :)



--- mat <mrowley at esoft.com> wrote:

> I have not written many... well, any exploits, but I have messed around,
> and tested things like 'Smashing the Stack for Fun and Profit'. I was looking
> at the code for the mac airmon wifi exploit (daringphucball.rb), and the
> payload was 0x0defaced a bunch of times. From what I remember, one of
> the hardest parts of writing a buffer overflow was trying to figure out
> where to write the return address. When looking at a stack after a
> fault, and trying to figure out what return address to overwrite, if you
> have 0x0defaced, all you really know is that you overwrote the return
> address. What if you did some sort of counter payload, for example
> writing 0x000faced, 0x001faced, ... , 0xffffaced, then when you view the
> stack, you will have an idea of where in the payload you will need to
> put a return address. Anyways, I thought that this would be a cool
> payload generator for metasploit. It seems like it wouldn't be very
> difficult to write. Tell me if this is something people actually use,
> or am I way off in my thinking. Just an epiphany I had, and wanted to
> share.
> 
> 
> - --
> 
> 
> \\ Mathew Rowley
> \\ eSoft Inc.
> \\ email: echo 'kpmujcw>cqmdr,amk'|perl -pe 's/(.)/chr(ord($1)+2)/ge;'