metasploit-framework May 2011 archive
Main Archive Page > Month Archives  > metasploit-framework archives
metasploit-framework: Re: [framework] ROP support?

Re: [framework] ROP support?

From: HD Moore <hdm_at_nospam>
Date: Wed May 18 2011 - 21:24:25 GMT
To: framework@spool.metasploit.com

On 5/18/2011 11:52 AM, Jun Koi wrote:
> On Thu, May 19, 2011 at 12:38 AM, Peter Van Eeckhoutte
> <peter.ve@corelan.be> wrote:
>> Msf won’t automagically build a rop chain for you, but if you can build one
>> yourself and include it in your module, the selected payloads will be more
>> than happy to execute for you
>>
>
> so Metasploit doesnt make ROP exploit for. this is the (current)
> limitation, and will be improved in the future? or there is a reason
> for Metasploit not to do that?

There are a ton of tools for doing the ROP work, including stuff like
msfpescan in Metasploit that can be used to find gadgets. We have a ton
of ROP-enabled exploits today, you can use them as a reference point at
least.

-HD
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework