metasploit-framework

https://github.com/rapid7/metasploit-framework

Ruby

Metasploit Framework

MetasploitModule#generate_stages_2_to_4

Generate stages 2 to 4.

Stage 2 is a ROP chain that copies stages 3 and 4 from the heap (to which stage 1
pivoted) onto the stack. This bypasses the check that Windows 8+ performs before certain
functions (such as VirtualProtect) to verify that they were called from within the
expected stack memory rather than from the heap.

Stage 3 is a ROP chain that calls VirtualProtect to mark stages 3 and 4 as executable
(although only stage 4 actually needs to be executable).

Stage 4 is the user-selected Metasploit payload code.


Edit

git clone git@github.com:rapid7/metasploit-framework.git

cd metasploit-framework

open modules/exploits/windows/backupexec/ssl_uaf.rb

Contribute

# Make a new branch

git checkout -b -your-name--update-docs-MetasploitModule-generate_stages_2_to_4-for-pr


# Commit to git

git add modules/exploits/windows/backupexec/ssl_uaf.rb

git commit -m "better docs for MetasploitModule#generate_stages_2_to_4"


# Open pull request

gem install hub # on a mac you can `brew install hub`

hub fork

git push <your name> -your-name--update-docs-MetasploitModule-generate_stages_2_to_4-for-pr

hub pull-request


# Celebrate!