CREATING YOUR OWN EXPLOITS

As a penetration tester, you will frequently encounter applications for which no Metasploit modules are available. In such situations, you can attempt to uncover vulnerabilities in the application and develop your own exploits for them.

One of the easiest ways to discover a vulnerability is to fuzz the application. Fuzz testing is the act of sending invalid, unexpected, or malformed random data to an application and monitoring it for exceptions such as crashes. If a vulnerability is found, you can work to develop an exploit for it. Fuzzing is a vast topic and entire books have been written on the subject. We will only briefly scratch the surface of fuzzing prior to moving on and developing a working exploit module.

In this chapter we'll walk you through the process of identifying a vulnerability via fuzzing and exploit development, using the known vulnerability in NetWin SurgeMail 3.8k4-4, discovered by Matteo Memelli (ryujin) and available at http://www.exploit-db.com/exploits/5259/. This application had a vulnerability that made it improperly handle overly long LIST commands, resulting in a stack overflow that let an attacker execute code remotely.