begood Posted August 23, 2010

In article 8 of my exploit writing series, I introduced the concept of egg hunters, and explained what an omelet hunter is and how it works. Today, I want to share with you my own eggs-to-omelet implementation, explain how it works, and how you can use it in a standalone exploit or in a Metasploit module. In case you missed article 8, I'll start with a short recap and explain the basic concepts of egg hunters and omelets. At the same time, I would like to mention that you might have to read article 8 first before you will understand this post. This post is not a full-blown tutorial; it really is just a write-up of some of my own notes and tools. And yes, I plan on doing this kind of write-up more often.

Basic concepts

An egg hunter is a piece of code that is designed to look for another (mostly bigger) piece of (shell)code in memory, and execute that piece of code when it finds it. It uses a tag (usually 4 bytes) to locate the second piece of code. Egg hunters are often used if the available space for executing shellcode is limited, and there is another (random / non-static) location in memory where you can store data.

An omelet is an extension of this concept. Instead of finding one set of code and executing it, it has the ability to find multiple pieces of code, reassemble them into the original code, and execute them.

More: http://www.corelan.be:8800/index.php/2010/08/22/exploit-notes-win32-eggs-to-omelet/
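To make the tag-search-and-reassemble idea from the quoted recap concrete, here is an added toy model in Python. It is not code from the Corelan post, from begood, or from the real eggs-to-omelet implementation: the chunk layout (doubled tag, then one-byte index, chunk count and payload length), the tag value `w00t`, the 8-byte chunk size and the 256-byte memory image are all constructed for this illustration. The scanner searches for the tag doubled, as classic egg hunters do, so a stray single copy of the tag is not mistaken for a chunk, and it refuses to reassemble when a chunk is missing.

```python
"""Toy model of the egg-to-omelet idea: chunks of a payload are tagged,
scattered through a memory image, then located by tag and reassembled in
index order.  The chunk layout is constructed for this illustration and is
not the format used by Corelan's omelet hunter."""

# Constructed 4-byte tag; the post does not name one.
TAG = b"w00t"
# Constructed fixed payload size per chunk.
CHUNK_DATA = 8
# Header after the doubled tag: index, chunk count, payload length (1 byte each).
HEADER_LEN = 3
MARKER = TAG + TAG

# Constructed sample payload: 25 bytes, so it needs 4 chunks of 8.
SAMPLE_PAYLOAD = b"CONSTRUCTED-OMELET-SAMPLE"


def split_into_eggs(payload: bytes, chunk_size: int = CHUNK_DATA) -> list:
    """Cut payload into tagged chunks: MARKER idx count len data(padded)."""
    pieces = [payload[i:i + chunk_size] for i in range(0, len(payload), chunk_size)]
    count = len(pieces)
    if count > 255:
        raise ValueError("toy format stores the chunk count in one byte")
    eggs = []
    for idx, data in enumerate(pieces):
        header = bytes([idx, count, len(data)])
        eggs.append(MARKER + header + data.ljust(chunk_size, b"\x00"))
    return eggs


def scatter(eggs, positions, memory_size: int = 256) -> bytearray:
    """Place eggs at the given offsets in a zeroed memory image (any order)."""
    mem = bytearray(memory_size)
    for egg, pos in zip(eggs, positions):
        mem[pos:pos + len(egg)] = egg
    return mem


def hunt_omelet(memory: bytes, chunk_size: int = CHUNK_DATA):
    """Scan for the doubled tag, collect every chunk, reassemble in index order.

    The tag is searched doubled so a single copy (such as the one inside a
    hunter's own code) is not taken for a chunk.  Returns None if any chunk
    is missing or the chunk headers disagree about the total count."""
    found = {}
    count = None
    pos = memory.find(MARKER)
    while pos != -1:
        hdr_start = pos + len(MARKER)
        header = memory[hdr_start:hdr_start + HEADER_LEN]
        if len(header) == HEADER_LEN:
            idx, total, length = header
            if count is None:
                count = total
            if total == count and idx < total and length <= chunk_size:
                data_start = hdr_start + HEADER_LEN
                found[idx] = bytes(memory[data_start:data_start + length])
        pos = memory.find(MARKER, pos + 1)
    if count is None or len(found) != count:
        return None
    return b"".join(found[i] for i in range(count))


def build_demo_memory() -> bytearray:
    """Constructed 256-byte image: the 4 eggs out of order plus one stray single tag."""
    eggs = split_into_eggs(SAMPLE_PAYLOAD)
    mem = scatter(eggs, [200, 40, 120, 5])
    mem[90:94] = TAG  # lone tag: must be ignored by the hunter
    return mem


def demo_missing_chunk() -> bool:
    """Failure mode: wipe one egg and confirm the hunter refuses to reassemble."""
    mem = build_demo_memory()
    egg_len = len(MARKER) + HEADER_LEN + CHUNK_DATA
    mem[40:40 + egg_len] = b"\x00" * egg_len
    return hunt_omelet(mem) is None


if __name__ == "__main__":
    result = hunt_omelet(build_demo_memory())
    print("reassembled:", result)
    print("matches original:", result == SAMPLE_PAYLOAD)
    print("missing chunk detected:", demo_missing_chunk())
```

The same scan loop is what a memory-forensics check for scattered tagged chunks would look like: walk the image for the doubled marker, validate the header fields before trusting them, and only accept the result when every index is present.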
Flubber Posted August 23, 2010

chap0 is part of Corelan? I didn't know. The articles on that site are very good.

Also: http://www.corelan.be:8800/index.php/2010/06/23/how-strong-is-your-fu-2-the-report/ [I think it's fairly necessary (though optional) for applying the egg omelets xD]

Much obliged!