Guide to Basic Exploit Writing by dearmo
==================================================
9. Generating the Shellcode
We will make use of msfpayload and msfencode to generate our shellcode. (If you want to create your own shellcode, you will need to know some C and assembly language, as well as how to use a linker and an assembler e.g. nasm. Again, that's another story.)
Let's use a reverse shell as our payload. Use the command below to see a summary.
Now fill in LHOST as 192.168.7 (use the ip of your attacking machine), generate the payload in raw format and pipe it into msfencode. Also tell msfencode not to use x00, x0a or x0d during the encoding process, and to output the shellcode in C format. Note that the encoder may generate something slightly different each time it runs. Explore using EXITFUNC=thread etc if you want.
==================================================
10. Putting it All Together
Replace the "evil" lines in exploit.py with the following:
Before you run the exploit.py again, open up another terminal and set up a netcat listener at port 4444:
Now run exploit.py. You should be able to get a shell on your netcat listener.
==================================================
9. Generating the Shellcode
We will make use of msfpayload and msfencode to generate our shellcode. (If you want to create your own shellcode, you will need to know some C and assembly language, as well as how to use a linker and an assembler e.g. nasm. Again, that's another story.)
Let's use a reverse shell as our payload. Use the command below to see a summary.
Code
Now fill in LHOST as 192.168.7 (use the ip of your attacking machine), generate the payload in raw format and pipe it into msfencode. Also tell msfencode not to use x00, x0a or x0d during the encoding process, and to output the shellcode in C format. Note that the encoder may generate something slightly different each time it runs. Explore using EXITFUNC=thread etc if you want.
Code
==================================================
10. Putting it All Together
Replace the "evil" lines in exploit.py with the following:
Code
Before you run the exploit.py again, open up another terminal and set up a netcat listener at port 4444:
Code
Now run exploit.py. You should be able to get a shell on your netcat listener.
No comments:
Post a Comment