Create a gist now

Instantly share code, notes, and snippets.

@tkmru /proposal.md Secret
Last active May 25, 2017

What would you like to do?
GSoC 2017 metasploit proposal

Title

Improving stager payloads especially on non-Windows platforms

Abstract

I’m a fourth-year university student from Japan, majoring in computer science. I’m interested in binary exploitation and reverse engineering. I like software development, especially security tools. Metasploit is most famous exploitation tool in the world, of course I often use it, and want to contribute it. Therefore, I’m most interested in this GSoC project. I have good experience with C and Ruby programming and debugging, exploiting. I can solve these tasks.

Vitals

It's embarrassing, so I omit it here...

Skillz

It's embarrassing, so I omit it here...

Your project

I’m interested in fixing stager payload tasks on non-Windows platforms. These task require cross compile environment. I develop using a cross build framework in ' rapid7/mettle'.

First task is making a reverse_http/https stager that can load the new 'mettle' payload. There is not always a standard system-wide HTTP library available as it is on Windows, this might be a simple standalone C or assembly implementation. I make better than curl / wget stagers.

Second, the Windows reverse_tcp_rc4 stager is also an interesting stager performs encryption on the payload preventing fingerprinting, but this does not work on other platforms yet. I fix it on non-Windows platforms.

if I can afford, I will also do the other two tasks. First, posix stagers do not typically implement retries, UUIDs, or other robust features that the Windows equivalent stagers do. I will make these support this feature. Second, it is supporting 'mettle' payload on aarch64 or powerPC. Currently it runs only for x86, x64, arm, mips.

Optional Goals are improving my skills in C and ASM, Ruby programming, software exploitation and learning a lot about metasploit internal structure.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment