WonderHowToGadget HacksNext RealityNull Byte

How to Create a Metasploit Exploit in Few Minutes

Feb 6, 2016 08:31 PM
635903575935924941.jpg

Today I will show you how to make a metasploit exploit really quickly.

This tutorial is mainly applied to stack based buffer overflows and seh buffer overflows exploits .There is a simple way for rop exploits too but I will dedicate a special tutorial on this subject.

I will use an existing vulnerability in freefloat ftp server https://www.exploit-db.com/exploits/23243/

and the tools that I am going to use are:

-Immunity debugger

download link: http://www.immunityinc.com/products/debugger/

-Mona.py

download link: https://github.com/corelan/mona

Simply drop mona.py into the 'PyCommands' folder (inside the Immunity Debugger application folder).

Manual for Mona.py

https://www.corelan.be/index.php/2011/07/14/mona-py-the-manual/

-Windows XP-SP3 (target)

-Kali Linux (attacker)

-Metasploit-Framework

It is included in Kali Linux

//Also If you are new to exploit development It is better to read first

my other tutorials about this subject to give you an idea about debuggers, fuzzing, reverse engineering etc.

Let's Begin!

Step 1: Pseudo-Fuzzing

Since we already know(we have studied the exploit on exploit-db) that the bytes that will create Buffer Overflow are 1000 we will use a pattern with 1000 characters and we will send It to the FTP server's command port, port 21.

635903547442090976.jpg

After the execution of this script we can see on the Immunity Debugger that EIP is overwritten.This is the simplest scenario on Exploit Development but is not always so unusuall.

635903548140426388.jpg

Step 2: Mona

Now that the characters are written in the memory you type on the command line of Immunity Debugger:

! Mona suggest

Because It is ftp server we select network client tcp

635903551396083135.jpg

and port 21

635903552681974401.jpg

Step 3: Exploit

Then a ruby file will be created (the exploits in metasploit are written in ruby) and I will make some minor changes and I will name It f.rb

Example(you can make whatever modification you want)

Before

635903554400149577.jpg

After

635903554889875071.jpg

Step 4: From Exploit to Metasploit

After the modifications I will transfer the exploit to Kali Linux and I have to copy the exploit from root

635903556756738635.jpg

to metasploit-framework

635903557245995343.jpg

Step 5: Proof of Concept

Now I will open FreeFloat ftp server on my windows machine and I will test my exploit

635903559903565895.jpg

and then we can see that the metasploit-framework recognizes the exploit that we have made

635903560894134510.jpg

and It is completely functional...

635903561303385010.jpg

Related Articles

635211718118959676.jpg

How to Get Unlimited Free Trials Using a "Real" Fake Credit Card Number
636212669962372391.jpg

How to Hack an Android Device Remotely, to Gain Acces to Gmail, Facebook, Twitter and More

Comments

No Comments Exist

Be the first, drop a comment!