Explore the intricacies of designing and implementing a universal Meterpreter payload in this 52-minute conference talk from NolaCon 2017. Delve into embedded exploitation, the Giant Robot Spider Project, and the fundamentals of Meterpreter. Learn about interpreters, shell code, position-independent executables, and various payload systems across Linux, Solaris, and Windows platforms. Discover techniques for system detection, compatibility layers, and object-oriented C programming. Gain insights into event loops, magic thread pools, and addressing challenges with older CPUs. Conclude with practical demos on building multi-payloads, reverse HTTP, and debugging techniques, equipping you with essential knowledge for advanced payload development and exploitation.
Overview
Syllabus
Intro
Welcome
Assumptions
About Brent
Main Motivation
Embedded Exploitation
Giant Robot Spider Project
Building a Workshop
Starting from the Beginning
What is Meterpreter
Interpreters
Bourne Shell
Why did someone need it
Under the Radar
Breaking Point
Custom Hardware
Full Chain
Embedded Pilot Collection
Exploitation
Shell Code
Position Independent Executable
Initial Stack
Auxiliary Vector
Linux
Solaris
Windows
Other payloads
LibbyNet
DoNotCigar
OpenSSL
Bed TLS
Curl
Payload
System Detection
Compatibility Layers
Limit H
CRT
Conditional Compilation
ObjectOriented C
Working Directory
Event Loop
Magic Thread Pool
The Bug
Old CPUs
Make files
Exploit
Delete old code
New implementation
Other features
Whats next
Have a need
Demos
Getting Started
Clean Up
Build Curl
Multi Payload
Reverse HTTP
Help Screen
Debug
Automate
