metasploit-framework

https://github.com/rapid7/metasploit-framework

Ruby

Metasploit Framework

MetasploitModule#generate_stage_1

Generate stage 1.

This stage is what overwrites the freed BIO struct. It consists of a non-zero readable
location (to prevent Backup Exec from falling over or failing) and a stack pivot to
some offset from the current SSL socket buffer read location, which will hold a
TLS/SSLv2 record (from the previous SSL connection) holding stages 2-4. (The pivot
offset will be different at each UAF trigger attempt; see attempt_triggers.)


Edit

git clone [email protected]:rapid7/metasploit-framework.git

cd metasploit-framework

open modules/exploits/windows/backupexec/ssl_uaf.rb

Contribute

# Make a new branch

git checkout -b -your-name--update-docs-MetasploitModule-generate_stage_1-for-pr


# Commit to git

git add modules/exploits/windows/backupexec/ssl_uaf.rb

git commit -m "better docs for MetasploitModule#generate_stage_1"


# Open pull request

gem install hub # on a mac you can `brew install hub`

hub fork

git push <your name> -your-name--update-docs-MetasploitModule-generate_stage_1-for-pr

hub pull-request


# Celebrate!