Today I will show you how to make a metasploit exploit really quickly.
This tutorial is mainly applied to stack based buffer overflows and seh buffer overflows exploits .There is a simple way for rop exploits too but I will dedicate a special tutorial on this subject.
I will use an existing vulnerability in freefloat ftp server https://www.exploit-db.com/exploits/23243/
and the tools that I am going to use are:
download link: http://www.immunityinc.com/products/debugger/
download link: https://github.com/corelan/mona
Simply drop mona.py into the 'PyCommands' folder (inside the Immunity Debugger application folder).
Manual for Mona.py
-Windows XP-SP3 (target)
-Kali Linux (attacker)
It is included in Kali Linux
//Also If you are new to exploit development It is better to read first
my other tutorials about this subject to give you an idea about debuggers, fuzzing, reverse engineering etc.
Since we already know(we have studied the exploit on exploit-db) that the bytes that will create Buffer Overflow are 1000 we will use a pattern with 1000 characters and we will send It to the FTP server's command port, port 21.
After the execution of this script we can see on the Immunity Debugger that EIP is overwritten.This is the simplest scenario on Exploit Development but is not always so unusuall.
Now that the characters are written in the memory you type on the command line of Immunity Debugger:
! Mona suggest
Because It is ftp server we select network client tcp
and port 21
Then a ruby file will be created (the exploits in metasploit are written in ruby) and I will make some minor changes and I will name It f.rb
Example(you can make whatever modification you want)
After the modifications I will transfer the exploit to Kali Linux and I have to copy the exploit from root
Now I will open FreeFloat ftp server on my windows machine and I will test my exploit
and then we can see that the metasploit-framework recognizes the exploit that we have made
and It is completely functional...
Want to help support Null Byte and start making your own money as a white hat hacker? Jump start your White-Hat Hacking career with our 2020 Premium Ethical Hacking Certification Training Bundle from the new Null Byte Shop and get over 60 hours of training from Ethical Hacking Professionals.