Assembly listings for many of Metasploit's shellcode components
can be found on the Metasploit website in their shellcode section. Unfortunately, it is
not nearly as easy to determine how much stack space is used when you elect to use one
of Metasploit's payload encoders. The listings for the encoders are not so easy to analyze,
as they are dynamically generated using Perl modules found in the encoders directory of
the Metasploit distribution. In general, it is wise to perform a stack adjustment as the
first step in any stack-based payload. The purpose of the adjustment should be to move
esp safely below your shellcode and to provide clearance for your shellcode to run without
corrupting itself. Thus if we want to make a 520-byte adjustment to esp before passing
control to our Metasploit-generated decoder, we would prepend the following:
    "\x81\xc4\xf8\xfd\xff\xff"    ; add esp,-520  (the equivalent sub esp,520 encodes with null bytes)
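The following Python is an added illustration, not code from the book or from the Metasploit project. It encodes the `add esp,imm32` / `sub esp,imm32` adjustment for an arbitrary clearance, applies the same null-byte check the text alludes to (so it reproduces the 520-byte case above and shows why the `sub` form was rejected), and also decodes such a prologue from a payload so an analyst can read off how much stack a sample reserves. Function names and the fallback behaviour are this example's own choices.

```python
import struct

# x86 opcode prefixes for the 32-bit-immediate forms:
#   81 C4 imm32  ->  add esp, imm32   (imm32 is sign-extended, so negative values work)
#   81 EC imm32  ->  sub esp, imm32
ADD_ESP_IMM32 = b"\x81\xc4"
SUB_ESP_IMM32 = b"\x81\xec"


def encode_add_esp(delta):
    """Bytes for `add esp, delta` with delta as a signed 32-bit immediate."""
    return ADD_ESP_IMM32 + struct.pack("<i", delta)


def encode_sub_esp(amount):
    """Bytes for `sub esp, amount` with amount as an unsigned 32-bit immediate."""
    return SUB_ESP_IMM32 + struct.pack("<I", amount)


def has_null(code):
    """True if the encoding contains a NUL byte (fatal for string-copy overflows)."""
    return b"\x00" in code


def stack_adjust(clearance):
    """Pick a null-free encoding that lowers esp by `clearance` bytes.

    Prefers `add esp,-N` (the form used in the text) and falls back to
    `sub esp,N`; returns (mnemonic, bytes) or None when both forms contain a
    NUL (e.g. clearances that are multiples of 256, where the low byte is 0).
    """
    candidates = [
        ("add esp,-%d" % clearance, encode_add_esp(-clearance)),
        ("sub esp,%d" % clearance, encode_sub_esp(clearance)),
    ]
    for mnemonic, code in candidates:
        if not has_null(code):
            return mnemonic, code
    return None


def decode_stack_adjust(blob):
    """Analyst side: if `blob` begins with add/sub esp,imm32, return the net
    change applied to esp (negative = stack reserved), else None."""
    if len(blob) < 6:
        return None
    opcode, imm = blob[:2], blob[2:6]
    if opcode == ADD_ESP_IMM32:
        return struct.unpack("<i", imm)[0]
    if opcode == SUB_ESP_IMM32:
        return -struct.unpack("<I", imm)[0]
    return None


if __name__ == "__main__":
    # Constructed example: the 520-byte clearance discussed in the text.
    mnemonic, code = stack_adjust(520)
    print(mnemonic, code.hex())                      # add esp,-520 81c4f8fdffff
    print("sub form has NUL:", has_null(encode_sub_esp(520)))
    print("decoded esp change:", decode_stack_adjust(code))
```

Running it reproduces the six bytes shown above and reports that `sub esp,520` (81 EC 08 02 00 00) would have introduced two NUL bytes. The decoder is the half a reviewer or incident responder actually needs: applied to the first bytes of a captured payload it tells you how much stack the sample reserves before its decoder runs, which is often the first clue that a blob is a staged, self-modifying payload rather than plain data.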
Reference
The Metasploit Project – Shellcode Components http://metasploit.com/shellcode.html
Documenting the Problem
Whether you have been able to produce a working exploit or not, it is always useful to
document the effort that you put in while researching a software problem. The disclosure
process has already been discussed in previous chapters, but here we will talk a little
about the types of technical information that you may want to include in correspondence
with a software vendor.