Today I will show you how to make a Metasploit exploit really quickly.
This tutorial mainly applies to stack-based buffer overflow and SEH buffer overflow exploits. There is a simple way for ROP exploits too, but I will dedicate a separate tutorial to that subject.
I will use an existing vulnerability in FreeFloat FTP Server (https://www.exploit-db.com/exploits/23243/),
and the tools that I am going to use are:
-Immunity Debugger
download link: http://www.immunityinc.com/products/debugger/
-Mona.py
download link: https://github.com/corelan/mona
Simply drop mona.py into the 'PyCommands' folder (inside the Immunity Debugger application folder).
Manual for Mona.py
https://www.corelan.be/index.php/2011/07/14/mona-py-the-manual/
-Windows XP-SP3 (target)
-Kali Linux (attacker)
-Metasploit-Framework
It is included in Kali Linux.
Also, if you are new to exploit development, it is better to first read
my other tutorials on this subject, to give you an idea about debuggers, fuzzing, reverse engineering, etc.
Let's Begin!
Step 1: Pseudo-Fuzzing
Since we already know (we have studied the exploit on exploit-db) that 1000 bytes will create the buffer overflow, we will use a pattern of 1000 characters and send it to the FTP server's command port, port 21.
After the execution of this script, we can see in Immunity Debugger that EIP is overwritten. This is the simplest scenario in exploit development, but it is not always so unusual.
Step 2: Mona
Now that the characters are written in memory, type the following on the command line of Immunity Debugger:
!mona suggest
Because it is an FTP server, we select network client TCP
and port 21.
Step 3: Exploit
Then a Ruby file will be created (Metasploit exploits are written in Ruby); I will make some minor changes and name it f.rb.
Example (you can make whatever modifications you want):
Before
After
Step 4: From Exploit to Metasploit
After the modifications, I will transfer the exploit to Kali Linux, and I have to copy the exploit from root
to metasploit-framework.
Step 5: Proof of Concept
Now I will open FreeFloat FTP Server on my Windows machine and test my exploit,
and then we can see that the metasploit-framework recognizes the exploit that we have made
and that it is completely functional...
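Seen from the defender's side, the traffic produced in Step 1 is easy to recognise on the FTP control channel. The following Python check is an added example, not part of the original tutorial; the length threshold, the command verbs and the sample lines are constructed assumptions.

```python
import re
import string

MAX_CMD_LEN = 256  # assumed ceiling for a legitimate FTP command line; tune per site
# Cyclic test patterns are runs of Upper-lower-digit triples: Aa0Aa1Aa2...
CYCLIC_RUN = re.compile(r"(?:[A-Z][a-z][0-9]){8,}")

# Constructed 1000-character cyclic sample, matching the size used in Step 1.
CYCLIC_SAMPLE = "".join(
    up + lo + d for up in "AB" for lo in string.ascii_lowercase for d in string.digits
)[:1000]

# Constructed control-channel lines; the verbs are arbitrary, the page names none.
SAMPLE_LINES = [
    "USER anonymous\r\n",
    "RETR reports/2016/q3-summary.pdf\r\n",
    "SITE " + CYCLIC_SAMPLE + "\r\n",
    "SITE " + "A" * 1000 + "\r\n",
]


def inspect_ftp_line(line):
    """Return the reasons a client command line looks like overflow probing."""
    reasons = []
    _verb, _, arg = line.rstrip("\r\n").partition(" ")
    if len(line) > MAX_CMD_LEN:
        reasons.append("oversized")
    if CYCLIC_RUN.search(arg):
        reasons.append("cyclic-pattern")
    elif len(arg) >= 64 and len(set(arg)) == 1:
        reasons.append("single-byte-fill")
    return reasons


def scan(lines):
    """Return (line_number, verb, length, reasons) for every flagged line."""
    hits = []
    for number, line in enumerate(lines, start=1):
        reasons = inspect_ftp_line(line)
        if reasons:
            hits.append((number, line.split(" ", 1)[0].strip(), len(line), reasons))
    return hits


if __name__ == "__main__":
    for number, verb, length, reasons in scan(SAMPLE_LINES):
        print(f"line {number}: {verb} ({length} bytes) -> {', '.join(reasons)}")
```

The same two signals (command length and the triple structure of the pattern) can be expressed as an IDS rule on port 21 once the threshold is tuned against normal traffic.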