Mastering Metasploit - Second Edition by Nipun Jaswal

Author:Nipun Jaswal [Jaswal, Nipun]
Language: eng
Format: epub, azw3
Publisher: Packt Publishing
Published: 2016-09-29T21:00:00+00:00

We set the required options and payload as windows/meterpreter/bind_tcp that denotes a direct connection to the target. Let's see what happens when we exploit the system using the exploit command:

Jackpot! We got meterpreter access to the target with ease. Now that we've completed the first exploit module successfully, we will now jump into a slightly more advanced exploit module in the next example.

Exploiting SEH-based buffer overflows with Metasploit

Exception handlers are code modules that catch exceptions and errors generated during the execution of the program. This allows the program to continue execution instead of crashing. Windows operating systems have default exception handlers and we see them generally when an application crashes and throws a pop up that says "XYZ program has encountered an error and needs to close". When the program generates an exception, the equivalent address of the catch code is loaded and called from the stack. However, if we somehow manage to overwrite the address in the stack for the catch code of the handler, we will be able to control the application. Let's see how things are arranged in a stack when an application is implemented with exception handlers:

Download

Copyright Disclaimer:
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.