NetSec

Ramblings of a NetSec addict

Converting Metasploit Module to Stand Alone

Sometimes you might want to have a stand alone exploit, but the only option out there is a Metasploit module. Sure you could always just fire up Metasploit and use it… but what fun would that be? Besides it’s great to understand what’s going on under the hood of the Metasploit modules for both getting a handle on writing your own exploits and in the future even writing your own Metasploit modules and contributing back to the fantastic project.

Requirements

  • Windows XP – SP3 Virtual Machine (Victim).
  • Kali Linux Virtual Machine (Attacker).
  • Allied Telesyn TFTP Server 1.9 (Available here).
  • A willingness to give things a go.

[Read more…]

Simple Buffer Overflows

This post will detail how to find a simple buffer overflow, gather the information you need to successfully exploit it and how to eventually get a reverse shell against someone running this program. There are ton’s of exploits that be used for an example, but this post will highlight PCMan’s FTP Server 2.0.7, simply because it was one of the first ones I found on exploit-db and it was relatively simple.

Requirements
The following is the ideal requirements for following the guide. If you cannot or don’t wish to use identical software or versions that’s fine, but I can’t guarantee that you won’t need to make modifications to get a proof of concept working.

  • Windows XP – SP3 Virtual Machine (Victim).
  • Kali Linux Virtual Machine (Attacker).
  • OllyDbg v1.10 on Windows XP (Available here).
  • PCMan’s FTP Server 2.0.7 (Available here under ‘vulnerable application’ link at the top of the page).
  • A very basic understanding of x86 Assembly.
  • A very basic understanding of Python.
  • Be interested enough to learn and experiment.

[Read more…]