InlineEgg Python Payloads

The InlineEgg library is a Python class for dynamically generating small assembly language programs. The most common use of this library is to quickly create advanced exploit payloads. This library was developed by Gera for use with Core ST's Impact product. Core has released this library to the public under a non-commercial license.

The Metasploit Framework supports InlineEgg payloads through the ExternalPayload module interface; this allows transparent support if the Python scripting language is installed. To enable the InlineEgg payloads, the EnablePython environment variable must be set to a non-zero value. This change was made in version 2.2 to speed up the module reload process. Starting with the 2.4 release, the Python interpreter is no longer included in the Windows installer.

This release includes InlineEgg examples for Linux, BSD, and Windows. The Linux examples are linux_ia32_reverse_ie, linux_ia32_bind_ie, and linux_ia32_reverse_xor. These payloads can be selected and used in the same way as any other payload. The payload contents are dynamically generated by the Python scripts in the payloads/external subdirectory. The BSD payloads function almost exactly the same as their Linux counterparts.

The Windows InlineEgg example is named win32_reverse_stg_ie and works in a slightly different fashion. This payload has an option named IEGG, which specifies the path to the InlineEgg Python script that contains your final payload. This is a staged payload: the first stage is a standard reverse connect, the second stage sends the addresses of GetProcAddress and LoadLibraryA over the connection, and the third stage is generated locally and sent across the network. An example InlineEgg script, called win32_stg_winexec.py, is included in the payloads/external subdirectory. For more information about InlineEgg, please see Gera's web site, located at:

http://community.corest.com/~gera/ProgrammingPearls/InlineEgg.html