Daily Archives: June 28, 2015

Metasploit: Writing an Exploit

Advanced Ethical Hacking Institute in Pune
Improving our Exploit Development
Previously we looked at Fuzzing an IMAP server in the Simple IMAP Fuzzer section. At the end of that effort we found that we could overwrite EIP, making ESP the only register pointing to a memory location under our control (4 bytes after our return address). We can […]

By |June 28th, 2015|Metasploit|

Metasploit: MSFrop

Advanced Ethical Hacking Institute in Pune
Searching code vulnerabilities with MSFrop
As you develop exploits for newer versions of the Windows operating systems, you will find that they now have Data Execution Prevention (DEP) enabled by default. DEP prevents shellcode from being executed on the stack and has forced exploit developers to find a way around this mitigation […]

By |June 28th, 2015|Metasploit|

Metasploit: Alphanumeric Shellcode

Advanced Ethical Hacking Institute in Pune
Generating Alphanumeric Shellcode with Metasploit
There are cases where you need to obtain a pure alphanumeric shellcode because of character filtering in the exploited application. The Metasploit Framework can generate alphanumeric shellcode easily through Msfencode. For example, to generate a mixed alphanumeric uppercase and lowercase encoded shellcode, we can use the following command:

root@kali:~# […]

By |June 28th, 2015|Metasploit|

Metasploit: MSFvenom

Advanced Ethical Hacking Institute in Pune
Using the MSFvenom Command Line Interface
msfvenom is a combination of Msfpayload and Msfencode, putting both of these tools into a single Framework instance. Note: msfvenom will replace both msfpayload and msfencode as of June 8th, 2015.

The advantages of msfvenom are:

One single tool
Standardized command line options
Increased speed

Msfvenom has a wide range of […]

By |June 28th, 2015|Metasploit|

Metasploit: Exploit Payloads

Advanced Ethical Hacking Institute in Pune

Working with Exploit Payloads
Metasploit helps deliver our exploit payloads against a target system. When creating an Exploit Payload, we have several things to consider, from the operating system architecture, to anti-virus, IDS, IPS, etc. In evading detection of our exploits we will want to encode our payloads to remove any bad characters and add some […]

By |June 28th, 2015|Metasploit|

Metasploit: Exploit Targets

Advanced Ethical Hacking Institute in Pune
Coding Exploit Targets in your Metasploit Module
Exploits define a list of targets that includes a name, number, and options. Targets are specified by number when launched.

Sample Target Code for an Exploit Module:

'Targets' =>
[
[…]

By |June 28th, 2015|Metasploit|

Metasploit: Exploit Mixins

Advanced Ethical Hacking Institute in Pune
Working with Exploit Mixins
Exploit::Remote::Tcp
Code:
lib/msf/core/exploit/tcp.rb
Provides TCP options and methods.

Defines RHOST, RPORT, ConnectTimeout
Provides connect(), disconnect()
Creates self.sock as the global socket
Offers SSL, Proxies, CPORT, CHOST
Evasion via small segment sends
Exposes user options as methods: rhost(), rport(), ssl()

Exploit::Remote::DCERPC
Code:
lib/msf/core/exploit/dcerpc.rb
Inherits from the TCP mixin and has the following methods and options:

dcerpc_handle()
dcerpc_bind()
dcerpc_call()
Supports IPS evasion methods with multi-context BIND […]

By |June 28th, 2015|Metasploit|

Metasploit: Exploit Module Format

Advanced Ethical Hacking Institute in Pune
Formatting our Exploit Module
The format of an Exploit Module in Metasploit is similar to that of an Auxiliary Module but there are more fields.

There is always a Payload Information Block. An Exploit without a Payload is simply an Auxiliary Module.
A listing of available Targets is outlined.
Instead of defining run(), exploit() and […]

By |June 28th, 2015|Metasploit|

Metasploit: Exploit Development

Advanced Ethical Hacking Institute in Pune
Exploit Development in the Metasploit Framework
Next, we are going to cover one of the most well known and popular aspects of the Metasploit Framework, exploit development. In this section, we are going to show how utilizing the Framework for exploit development allows you to concentrate on what is unique about the […]

By |June 28th, 2015|Metasploit|

Metasploit: Simple IMAP Fuzzer

Advanced Ethical Hacking Institute in Pune
Writing our own IMAP Fuzzer Tool
During a host reconnaissance session we discovered an IMAP mail server which is known to be vulnerable to a buffer overflow attack (Surgemail 3.8k4-4). We found an advisory for the vulnerability but can't find any working exploits in the Metasploit database nor on the internet. We then […]

By |June 28th, 2015|Metasploit|