Type : Tips and Trick
This simple information might be useful for you who use metasploit framework :-).
You will find out this EXITFUNC switch when you create a payload from metasploit framework.
This EXITFUNC option effectively sets a function hash in the payload that specifies a DLL and function to call when the payload is complete.
There are 4 different values for EXITFUNC : none, seh, thread and process. Usually it is set to thread or process, which corresponds to the ExitThread or ExitProcess calls. "none" technique will calls GetLastError, effectively a no-op. The thread will then continue executing, allowing you to simply cat multiple payloads together to be run in serial.
EXITFUNC will be useful in some cases where after you exploited a box, you need a clean exit, even unfortunately the biggest problem is that many payloads don’t have a clean execution path after the exitfunc 🙂 .
|SEH||This method should be used when there is a structured exception handler (SEH) that will restart the thread or process automatically when an error occurs.|
|THREAD||This method is used in most exploitation scenarios where the exploited process (e.g. IE) runs the shellcode in a sub-thread and exiting this thread results in a working application/system (clean exit)|
|PROCESS||This method should be used with multi/handler. This method should also be used with any exploit where a master process restarts it on exit.|
Hope it useful 🙂