Improving stager payloads especially on non-Windows platforms
I’m a fourth-year university student from Japan, majoring in computer science. I’m interested in binary exploitation and reverse engineering, and I like software development, especially security tools. Metasploit is the most famous exploitation framework in the world; of course I use it often, and I want to contribute to it. That is why I’m most interested in this GSoC project. I have good experience with C and Ruby programming, debugging, and exploitation, and I can solve these tasks.
It's embarrassing, so I omit it here...
I’m interested in working on the stager payload tasks for non-Windows platforms. These tasks require a cross-compile environment; I will develop using the cross-build framework in 'rapid7/mettle'.
The first task is making a reverse_http/https stager that can load the new 'mettle' payload. Since a standard system-wide HTTP library is not always available as it is on Windows, this might be a simple standalone C or assembly implementation. I will make stagers that are better than the current curl/wget-based ones.
Second, the Windows reverse_tcp_rc4 stager is also an interesting stager: it encrypts the payload, preventing fingerprinting, but this does not work on other platforms yet. I will port it to non-Windows platforms.
If time allows, I will also do the other two tasks. First, POSIX stagers do not typically implement retries, UUIDs, or the other robust features that the equivalent Windows stagers do; I will add support for these features. Second, supporting the 'mettle' payload on aarch64 or PowerPC; currently it runs only on x86, x64, ARM, and MIPS.
Optional goals are improving my skills in C, assembly, and Ruby programming and in software exploitation, and learning a lot about Metasploit's internal structure.