Hi, Today I learnt about the EXITFUNC option from the Metasploit's exploit options.
I would like to share it here
EXITFUNC option is set to 'thread' by default, and it works fine in most cases, so we don't usually look into it much. But in some situations specifying a different EXITFUNC is necessary so that you can have a clean exit from the exploited box.
There are 3 different values for EXITFUNC : thread, process, seh
thread: This method is used in most exploitation scenarios where the exploited process (e.g. IE) runs the shellcode in a sub-thread and exiting this thread results in a working application/system (clean exit)
process: This method should be used with multi/handler. This method should also be used with any exploit where a master process restarts it on exit.
seh: This method should be used when there is a structured exception handler (SEH) that will restart the thread or process automatically when an error occurs.