21 August 2012

Payload Staging

Sometimes you cannot find a way to run your payload in the buffer because of space limitations. When that happens, you can use egghunting if you are able to place a second payload somewhere else in memory, or you can use Metasploit's staged payloads.

Basically, the first-stage payload uses VirtualAlloc to allocate some RWX memory, then downloads the second stage into it and transfers execution there, and so on.
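Because the stager's footprint is a private, committed region that is both writable and executable, that is also what a defender looks for when walking a process's address space. The following is an added example (not the author's code and not from Metasploit) that flags such regions; the Win32 constants and the VirtualQueryEx call are real, the sample region list is constructed so the check runs offline on any platform.

```python
"""Flag memory regions that look like a stager's VirtualAlloc'd RWX scratch space.

Image-backed code (MEM_IMAGE) is mapped from a file and is almost never
writable and executable at once, so a private RWX region is a high-signal
finding. Reserved-only and guard-page regions are ignored because nothing
can execute from them.
"""
from dataclasses import dataclass

# Win32 memory constants (real values from <winnt.h>).
MEM_COMMIT = 0x1000
MEM_RESERVE = 0x2000
MEM_PRIVATE = 0x20000
MEM_MAPPED = 0x40000
MEM_IMAGE = 0x1000000
PAGE_READWRITE = 0x04
PAGE_EXECUTE_READ = 0x20
PAGE_EXECUTE_READWRITE = 0x40
PAGE_EXECUTE_WRITECOPY = 0x80
PAGE_GUARD = 0x100


@dataclass
class Region:
    base: int
    size: int
    state: int      # MEM_COMMIT / MEM_RESERVE
    protect: int    # PAGE_* plus modifier bits such as PAGE_GUARD
    mem_type: int   # MEM_PRIVATE / MEM_MAPPED / MEM_IMAGE


def is_suspicious(r: Region) -> bool:
    """True for a committed, non-guard, private region that is writable and executable."""
    if r.state != MEM_COMMIT or r.protect & PAGE_GUARD:
        return False
    if r.mem_type != MEM_PRIVATE:
        return False
    # The low byte carries the PAGE_* protection; higher bits are modifiers.
    return (r.protect & 0xFF) in (PAGE_EXECUTE_READWRITE, PAGE_EXECUTE_WRITECOPY)


def find_rwx_regions(regions):
    """Return the regions worth a closer look (dump, hash, check for a PE/shellcode)."""
    return [r for r in regions if is_suspicious(r)]


def walk_process(pid: int):
    """Windows only: enumerate another process's regions with VirtualQueryEx."""
    import ctypes
    from ctypes import wintypes

    class MBI(ctypes.Structure):  # MEMORY_BASIC_INFORMATION
        _fields_ = [("BaseAddress", ctypes.c_void_p), ("AllocationBase", ctypes.c_void_p),
                    ("AllocationProtect", wintypes.DWORD), ("RegionSize", ctypes.c_size_t),
                    ("State", wintypes.DWORD), ("Protect", wintypes.DWORD), ("Type", wintypes.DWORD)]

    PROCESS_QUERY_INFORMATION = 0x0400
    k32 = ctypes.windll.kernel32
    k32.OpenProcess.restype = wintypes.HANDLE
    k32.VirtualQueryEx.argtypes = [wintypes.HANDLE, ctypes.c_void_p,
                                   ctypes.POINTER(MBI), ctypes.c_size_t]
    k32.VirtualQueryEx.restype = ctypes.c_size_t
    h = k32.OpenProcess(PROCESS_QUERY_INFORMATION, False, pid)
    if not h:
        raise OSError("OpenProcess failed for pid %d" % pid)
    regions, addr, mbi = [], 0, MBI()
    try:
        # VirtualQueryEx returns 0 once addr passes the end of user address space.
        while k32.VirtualQueryEx(h, addr, ctypes.byref(mbi), ctypes.sizeof(mbi)):
            base = mbi.BaseAddress or 0
            regions.append(Region(base, mbi.RegionSize, mbi.State, mbi.Protect, mbi.Type))
            addr = base + mbi.RegionSize
    finally:
        k32.CloseHandle(h)
    return regions


# Constructed sample: what a VirtualQueryEx walk of a typical process might return.
SAMPLE_REGIONS = [
    Region(0x00400000, 0x1000, MEM_COMMIT, PAGE_EXECUTE_READ, MEM_IMAGE),        # .text of the EXE
    Region(0x00170000, 0x20000, MEM_COMMIT, PAGE_READWRITE, MEM_PRIVATE),        # heap
    Region(0x0012F000, 0x1000, MEM_COMMIT, PAGE_READWRITE | PAGE_GUARD, MEM_PRIVATE),  # stack guard page
    Region(0x00310000, 0x10000, MEM_RESERVE, PAGE_EXECUTE_READWRITE, MEM_PRIVATE),  # reserved, not backed
    Region(0x00330000, 0x1000, MEM_COMMIT, PAGE_EXECUTE_READWRITE, MEM_PRIVATE),   # stager's RWX buffer
]

if __name__ == "__main__":
    for r in find_rwx_regions(SAMPLE_REGIONS):
        print("private RWX region at 0x%08x (%d bytes)" % (r.base, r.size))
```

On a live Windows host, `find_rwx_regions(walk_process(pid))` gives the candidate regions to dump and inspect; JIT runtimes such as .NET and browsers also legitimately create private RWX memory, so the result is a triage list, not a verdict.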

I prepared a video of exploiting the vulnerable service (MiniShare WebServer) by using staging just for fun :). (I changed the injection vector from a direct jmp esp to pop retn + jmp esp with some fake stack alignment.)

