The Metasploit Meterpreter is an excellent example of a process injection payload. Meterpreter provides an attacker with a robust set of capabilities, offering nearly all of the same capabilities as a traditional command interpreter, while hiding within an existing process and leaving no disk footprint on the target computer.

[Chapter 9: Shellcode Strategies, page 203, Part III]
Figure 9-6: Syscall proxy operation
References
LSoD Unix Shellcode Components http://lsd-pl.net/projects/asmcodes.zip
LSoD Windows Shellcode Components http://lsd-pl.net/projects/winasm.zip
Skape, "Understanding Windows Shellcode" www.hick.org/code/skape/papers/win32-shellcode.pdf
Skape, "Metasploit's Meterpreter" www.metasploit.com/projects/Framework/docs/meterpreter.pdf
Ivan Arce, "The Shellcode Generation," IEEE Security & Privacy, September/October 2004
Other Shellcode Considerations
Knowing which types of payload are available for a given exploit situation is an important first step toward building reliable exploits. Once we also understand the network environment our exploit will operate in, a couple of other very important points remain to be considered.
Shellcode Encoding
Whenever we attempt to exploit a vulnerable application, we must understand any restrictions on the structure of our input data and adhere to them. The classic example is a payload that reaches the vulnerable buffer through a string-copying function: a null byte anywhere in the shellcode terminates the copy, so everything after it never arrives.
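As an added illustration (this is example code written for this page, not code from the book or from Metasploit), the following C program performs the check a practitioner does before sending a payload: it scans the shellcode for bytes the delivery path will not pass through intact, searches for a single-byte XOR key whose output contains none of them, and verifies that applying the same key again restores the original bytes. The bad-byte set (0x00, 0x0a, 0x0d) and the eight sample bytes are constructed for the example; the sample is not real shellcode.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not from the book. Bytes the delivery path will not
 * pass through intact: NUL ends a strcpy()-style copy, CR/LF end a
 * line-oriented read. This set is an assumption for the example. */
static const uint8_t BAD_BYTES[] = { 0x00, 0x0a, 0x0d };

/* Constructed sample payload (NOT real shellcode): it contains a 0x00
 * and a 0x0a, so it cannot be delivered unencoded through such a path. */
static const uint8_t SAMPLE[] = { 0x31, 0xc0, 0x50, 0x68, 0x00, 0x0a, 0x41, 0x42 };

/* 1 if b is in the bad set, else 0. */
static int is_bad(uint8_t b) {
    for (size_t i = 0; i < sizeof BAD_BYTES; i++)
        if (BAD_BYTES[i] == b) return 1;
    return 0;
}

/* Index of the first bad byte in buf, or -1 if buf is clean. */
int find_bad_byte(const uint8_t *buf, size_t len) {
    for (size_t i = 0; i < len; i++)
        if (is_bad(buf[i])) return (int)i;
    return -1;
}

/* Find a single-byte XOR key k such that every byte of buf ^ k is clean.
 * k = 0 is skipped (it would leave buf unchanged), and keys that are
 * themselves bad are skipped because the decoder stub has to carry the
 * key as an immediate operand. Returns the key or -1 if none works. */
int find_xor_key(const uint8_t *buf, size_t len) {
    for (int k = 1; k < 256; k++) {
        if (is_bad((uint8_t)k)) continue;
        size_t i = 0;
        while (i < len && !is_bad(buf[i] ^ (uint8_t)k)) i++;
        if (i == len) return k;
    }
    return -1;
}

/* XOR every byte with k. XOR is its own inverse, so applying this twice
 * with the same key restores the original; the second application is
 * what a decoder stub prepended to the payload does at run time. */
void xor_apply(uint8_t *buf, size_t len, uint8_t k) {
    for (size_t i = 0; i < len; i++) buf[i] ^= k;
}

/* Encode SAMPLE, check that the encoded form is clean, decode it again
 * and check that the original bytes come back. Returns 1 on success. */
int sample_roundtrip_ok(void) {
    uint8_t buf[sizeof SAMPLE];
    int k = find_xor_key(SAMPLE, sizeof SAMPLE);
    if (k < 0) return 0;
    memcpy(buf, SAMPLE, sizeof SAMPLE);
    xor_apply(buf, sizeof buf, (uint8_t)k);
    if (find_bad_byte(buf, sizeof buf) != -1) return 0;
    xor_apply(buf, sizeof buf, (uint8_t)k);
    return memcmp(buf, SAMPLE, sizeof SAMPLE) == 0;
}

int main(void) {
    uint8_t buf[sizeof SAMPLE];
    int k = find_xor_key(SAMPLE, sizeof SAMPLE);
    printf("first bad byte at index %d\n", find_bad_byte(SAMPLE, sizeof SAMPLE));
    if (k < 0) { puts("no single-byte key works"); return 1; }
    memcpy(buf, SAMPLE, sizeof SAMPLE);
    xor_apply(buf, sizeof buf, (uint8_t)k);
    printf("key 0x%02x, encoded:", k);
    for (size_t i = 0; i < sizeof buf; i++) printf(" %02x", buf[i]);
    printf("\nround trip %s\n", sample_roundtrip_ok() ? "ok" : "FAILED");
    return 0;
}
```

Two points the check makes explicit: the key itself must be free of bad bytes, because the decoder stub that runs on the target carries it as an immediate and is subject to the same input restrictions as the payload it unpacks; and when no single-byte key satisfies every byte of a longer payload, the same search generalises to a multi-byte key or to a different reversible operation (ADD/SUB, ROL/ROR), at the cost of a slightly larger stub.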