-
Notifications
You must be signed in to change notification settings - Fork 14.3k
How to use the Seh mixin to exploit an exception handler
Exception handler overwriting was once a very popular technique to exploit stack buffer overflows, but isn't so common anymore in newer programs because most likely they're compiled with SafeSEH. At one point, even with SafeSEH enabled, it was still possible to abuse an exception handler by heap spraying, but of course, memory protections didn't stop there. DEP/FASLR eventually came to the rescue, so that pretty much terminated the glory days of SEH exploits. You can probably still find vulnerable applications not compiled with SafeSEH, but chances are the app is outdated, no longer maintained, or it is more of a learning experiment for the developer. Nonetheless, exploiting a stack buffer overflow with exception handling is still fun, so if you do come across it, here's how it's supposed to be written with Metasploit's Seh mixin.
To be able to use the SEH mixin, some exploitable requirements must be met:
- The vulnerable program does not have SafeSEH in place.
- No DEP (Data Execution Prevention). The mixin uses a short jump to be able to execute the payload, which means the memory must be executable. DEP, as the name implies, prevents that.
- Home Welcome to Metasploit!
- Using Metasploit A collection of useful links for penetration testers.
-
Setting Up a Metasploit Development Environment From
apt-get installtogit push. - CONTRIBUTING.md What should your contributions look like?
- Landing Pull Requests Working with other people's contributions.
- Using Git All about Git and GitHub.
- Contributing to Metasploit Be a part of our open source community.
- Meterpreter All about the Meterpreter payload.