Re: [Dailydave] Announcing metasm

From: Julien TINNES (jt@cr0.org)
Date: Tue Jul 24 2007 - 07:52:50 CDT
On Sunday 22 July 2007 17:14:21 Dave Aitel wrote:
> How do these things differ from MOSDEF (other than having a disassembler?)
>
> Is the goal here an injectable proglet session or just a nice way to
> assembler/disassemble shellcode?
>

Metasm is an assembly manipulation suite. Its purpose is to be a bit more
generic than a shellcode compiler, even if it has clearly been developed with
security tools (and especially exploits) in mind. It can be trivially used to
assemble/disassemble shellcodes, but it would be perfectly possible to
implement a MOSDEF-like proglet session manager on top of it.

If you want an example of metasm in action for dynamic shellcode generation,
you can take a look at our remote kernel exploit for Madwifi in Metasploit's
trunk (madwifi_giwscan_cb.rb).
Even if this example doesn't rely too much on advanced features, you can still
see how we use .pad and .offset together and how we dynamically inject a
Metasploit userland shellcode by using relocations (metasm has full
relocation support).

If you want to see more advanced usages, take a look at the 'samples'
directory, for instance win32hooker-advanced.rb.
This shows how you can find a process, a library mapped in this process and
patch every exported function by using Metasm.

--
Julien TINNES
http://www.cr0.org
_______________________________________________
Dailydave mailing list
Dailydave@lists.immunitysec.com
http://lists.immunitysec.com/mailman/listinfo/dailydave