Research Staging techniques

[evanpjensen]

Experiment with writing a sager. See if you can load statically compiled executables into memory and run them. Research putting this functionality into the thrower.

[evanpjensen]

Use this code for testing a stage: https://github.com/isislab/Shellcode/tree/master/stagerTest

[evanpjensen]

I added a script that will add the offset to the beginning of an object file the way the loader expects to see it.

[evanpjensen]

https://github.com/stephenfewer/ReflectiveDLLInjection

[evanpjensen]

http://www.offensive-security.com/metasploit-unleashed/About_Meterpreter

[evanpjensen]

http://www.phrack.org/issues.html?issue=59&id=8&mode=txt

[evanpjensen]

Research the internals of the dlopen function and ld.so

[evanpjensen]

http://www.akkadia.org/drepper/dsohowto.pdf

[robmdunn]

I think we can bypass the difficulties with loading ELF binaries by loading a binary locally, dumping memory to disk, then sending the memory image (with the segments already loaded at the correct offsets) over the wire.

[evanpjensen]

http://users.eecs.northwestern.edu/~kch479/docs/notes/linking.html

[evanpjensen]

http://paste.pound-python.org/raw/hXdUpFAjb4DcFlNgxtRV/

[evanpjensen]

http://pages.cs.wisc.edu/~zandy/p/hijack.c

[HockeyInJune]

@wontonSlim posted this, but I deleted it by accident:

• http:// www.sco.com/developers/gabi/latest/ch5.dynamic.html

---

• http://archive.cert.uni-stuttgart.de/bugtraq/2004/01/msg00002.html
• http://www.phrack.org/issues.html?issue=63&id=11