metasploit tips

This simple information might be useful for you who use metasploit framework :-).


You will find out this EXITFUNC switch when you create a payload from metasploit framework.

What is Metasploit EXITFUNC?

This EXITFUNC option effectively sets a function hash in the payload that specifies a DLL and function to call when the payload is complete.

There are 4 different values for EXITFUNC : none, seh, thread and process. Usually it is set to thread or process, which corresponds to the ExitThread or ExitProcess calls. “none” technique will calls GetLastError, effectively a no-op. The thread will then continue executing, allowing you to simply cat multiple payloads together to be run in serial.

EXITFUNC will be useful in some cases where after you exploited a box, you need a clean exit, even unfortunately the biggest problem is that many payloads don’t have a clean execution path after the exitfunc 🙂 .

SEH This method should be used when there is a structured exception handler (SEH) that will restart the thread or process automatically when an error occurs.
THREAD This method is used in most exploitation scenarios where the exploited process (e.g. IE) runs the shellcode in a sub-thread and exiting this thread results in a working application/system (clean exit)
PROCESS This method should be used with multi/handler. This method should also be used with any exploit where a master process restarts it on exit.

Hope it useful 🙂

– See more at:


邮箱地址不会被公开。 必填项已用*标注