How to Create a Metasploit Exploit in Few Minutes

Today I will show you how to make a metasploit exploit really quickly.

This tutorial is mainly applied to stack based buffer overflows and seh buffer overflows exploits .There is a simple way for rop exploits too but I will dedicate a special tutorial on this subject.

I will use an existing vulnerability in freefloat ftp server https://www.exploit-db.com/exploits/23243/

and the tools that I am going to use are:

-Immunity debugger
download link: http://www.immunityinc.com/products/debugger/

-Mona.py
download link: https://github.com/corelan/mona
Simply drop mona.py into the 'PyCommands' folder (inside the Immunity Debugger application folder).

Manual for Mona.py
https://www.corelan.be/index.php/2011/07/14/mona-py-the-manual/

-Windows XP-SP3 (target)

-Kali Linux (attacker)

-Metasploit-Framework
It is included in Kali Linux

//Also If you are new to exploit development It is better to read first
my other tutorials about this subject to give you an idea about debuggers, fuzzing, reverse engineering etc.

Let's Begin!

Step 1: Pseudo-Fuzzing
Since we already know(we have studied the exploit on exploit-db) that the bytes that will create Buffer Overflow are 1000 we will use a pattern with 1000 characters and we will send It to the FTP server's command port, port 21.


After the execution of this script we can see on the Immunity Debugger that EIP is overwritten.This is the simplest scenario on Exploit Development but is not always so unusuall


Step 2: Mona
Now that the characters are written in the memory you type on the command line of Immunity Debugger:

! Mona suggest

Because It is ftp server we select network client tcp

and port 21

Step 3: Exploit
Then a ruby file will be created (the exploits in metasploit are written in ruby) and I will make some minor changes and I will name It f.rb

Example(you can make whatever modification you want)

Before

After

Step 4: From Exploit to Metasploit
After the modifications I will transfer the exploit to Kali Linux and I have to copy the exploit from root

to metasploit-framework

Step 5: Proof of Concept
Now I will open FreeFloat ftp server on my windows machine and I will test my exploit

and then we can see that the metasploit-framework recognizes the exploit that we have made

and It is completely functional...


Share on Google Plus

About Twelve Monks

    Blogger Comment
    Facebook Comment

0 σχόλια:

Δημοσίευση σχολίου