-
Notifications
You must be signed in to change notification settings - Fork 45
/
Metasploit-EXITFUNC
34 lines (22 loc) · 1.37 KB
/
Metasploit-EXITFUNC
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
This EXITFUNC option effectively sets a function hash in the payload that specifies a
DLL and function to call when the payload is complete.
There are 4 different values for EXITFUNC :
+ none
+ seh
+ thread
+ process.
Usually it is set to thread or process, which corresponds to the ExitThread or ExitProcess calls.
"none" technique will calls GetLastError, effectively a no-op.
The thread will then continue executing, allowing you to simply cat multiple payloads together to be run in serial.
EXITFUNC will be useful in some cases where after you exploited a box, you need a clean exit,
even unfortunately the biggest problem is that many payloads don’t have a clean execution path after the exitfunc.
- SEH:
This method should be used when there is a structured exception handler (SEH) that will restart the
thread or process automatically when an error occurs.
- THREAD:
This method is used in most exploitation scenarios where the exploited process (e.g. IE) runs the shellcode
in a sub-thread and exiting this thread results in a working application/system (clean exit)
- PROCESS:
This method should be used with multi/handler.
This method should also be used with any exploit where a master process restarts it on exit.
Source: https://www.hacking-tutorial.com/tips-and-trick/what-is-metasploit-exitfunc/