CREATING YOUR OWN EXPLOITS

As a penetration tester, you will frequently encounter applications for which no Metasploit modules are available. In such situations, you can attempt to uncover vulnerabilities in the application and develop your own exploits for them.

One of the easiest ways to discover a vulnerability is to fuzz the application. Fuzz testing is the act of sending invalid, unexpected, or malformed random data to an application and monitoring it for exceptions such as crashes. If a vulnerability is found, you can work to develop an exploit for it. Fuzzing is a vast topic and entire books have been written on the subject. We will only briefly scratch the surface of fuzzing prior to moving on and developing a working exploit module.

In this chapter we’ll walk you through the process of identifying a vulnerability via fuzzing and exploit development, using the known vulnerability in NetWin SurgeMail 3.8k4-4, discovered by Matteo Memelli (ryujin) and available at http://www.exploit-db.com/exploits/5259/. This application had a vulnerability that made it improperly handle overly long LIST commands, resulting in a stack overflow that let an attacker execute code remotely.