Other Runtime Patching Ideas

Upload and Run (or Proglet Server)

One interesting type of alternative payload is a mechanism that sits in a loop, receives shellcode, and then runs it, ad infinitum. This method gives you a quick and moderately easy way of repeatedly hitting a server with different small exploit fragments depending upon the situation. The term proglet describes these small programs; apparently a proglet is defined as "the largest amount of code that can be written off the top of one's head, that does not need any editing, and that runs correctly the first time." (By this definition, the author's assembler proglets rarely exceed a handful of instructions.)

The problems with proglets are:

  1. Even though proglets are quite small, writing them can be tricky, because they need to be written in assembler.

  2. There is no generic mechanism for determining the success or failure of a proglet, or even receiving simple output data from them.

  3. If a proglet goes wrong, recovery can be quite tricky.

Even with the above problems, the proglet mechanism is still an improvement over one-shot, static exploits. Something a little grander and more dynamic would be preferable, however, which brings us to syscall proxies.
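From the defender's side, the pattern described above has a recognisable footprint: a process maps (or re-protects) memory as both writable and executable and then repeatedly reads network data straight into that region. The following detector, an added example that is not code from the book, walks a constructed syscall trace and counts such reads per process. The `Syscall` record layout, the field names (`prot`, `length`, `addr`, `fd`, `buf`) and the sample trace are all assumptions made for this illustration; a real deployment would populate the records from an EDR, audit or strace feed.

```python
from dataclasses import dataclass

# Linux mmap/mprotect protection bits (real values from <sys/mman.h>).
PROT_READ, PROT_WRITE, PROT_EXEC = 1, 2, 4


@dataclass
class Syscall:
    """One traced system call. Field layout is an assumption for this example."""
    pid: int
    name: str
    args: dict
    ret: int


def find_proglet_servers(trace):
    """Return {pid: count} of socket reads whose buffer lies in W+X memory.

    Heuristic: a process that keeps receiving network bytes into memory it
    mapped writable *and* executable is behaving like the receive-and-run
    loop described above. Reads from non-socket fds (files, pipes) are
    ignored, which keeps ordinary JITs that load code from disk out of the
    hit list.
    """
    wx_regions = {}   # pid -> list of (start, end) mapped PROT_WRITE|PROT_EXEC
    sock_fds = {}     # pid -> set of fds returned by socket()/accept()
    hits = {}
    for s in trace:
        regs = wx_regions.setdefault(s.pid, [])
        fds = sock_fds.setdefault(s.pid, set())
        if s.name in ("socket", "accept", "accept4") and s.ret >= 0:
            fds.add(s.ret)
        elif s.name == "mmap" and s.ret > 0:
            if s.args["prot"] & PROT_WRITE and s.args["prot"] & PROT_EXEC:
                regs.append((s.ret, s.ret + s.args["length"]))
        elif s.name == "mprotect" and s.ret == 0:
            if s.args["prot"] & PROT_WRITE and s.args["prot"] & PROT_EXEC:
                regs.append((s.args["addr"], s.args["addr"] + s.args["length"]))
        elif s.name in ("recv", "recvfrom", "read") and s.ret > 0 and s.args["fd"] in fds:
            buf = s.args["buf"]
            if any(lo <= buf < hi for lo, hi in regs):
                hits[s.pid] = hits.get(s.pid, 0) + 1
    return hits


# Constructed sample trace (not captured from a real system):
# pid 4242 behaves like a receive-and-run loop; pid 1000 is a plain server
# reading into its heap; pid 2000 maps W+X memory but fills it from a file.
RWX = PROT_READ | PROT_WRITE | PROT_EXEC
SAMPLE_TRACE = [
    Syscall(4242, "socket", {}, 3),
    Syscall(4242, "accept", {"fd": 3}, 4),
    Syscall(4242, "mmap", {"length": 4096, "prot": RWX}, 0x7F0000000000),
    Syscall(4242, "recv", {"fd": 4, "buf": 0x7F0000000000}, 120),
    Syscall(4242, "recv", {"fd": 4, "buf": 0x7F0000000000}, 80),
    Syscall(1000, "socket", {}, 3),
    Syscall(1000, "accept", {"fd": 3}, 5),
    Syscall(1000, "mmap", {"length": 8192, "prot": PROT_READ | PROT_WRITE}, 0x7F0000100000),
    Syscall(1000, "recv", {"fd": 5, "buf": 0x5555_5555_9000}, 512),
    Syscall(2000, "mmap", {"length": 65536, "prot": RWX}, 0x7F0000200000),
    Syscall(2000, "read", {"fd": 7, "buf": 0x7F0000200000}, 4096),
]

if __name__ == "__main__":
    for pid, n in find_proglet_servers(SAMPLE_TRACE).items():
        print(f"pid {pid}: {n} socket read(s) into writable+executable memory")
```

Only pid 4242 is reported (two hits). The check deliberately keys on the combination of network source and W+X destination rather than on either alone, because RWX mappings are common in legitimate JIT runtimes and socket reads are common everywhere; it is the pairing, repeated in a loop, that matches the mechanism this section describes.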



The Shellcoder's Handbook. Discovering and Exploiting Security