Posts Tagged ‘module’
Starting to write Immunity Debugger PyCommands : my cheatsheet
When I started Win32 exploit development many years ago, my preferred debugger was WinDbg (with some OllyDbg on the side). While WinDbg is a great and fast debugger, I quickly figured out that some additional/external tools were required to improve my exploit development experience. Despite the fact that the command-line oriented approach in WinDbg has many advantages, it turned out not to be the best tool for searching for good jump addresses, or for listing modules that were compiled without SafeSEH or are not ASLR-aware, etc. Ok, looking for a simple “jmp esp” is trivial, but what if you are looking for all pop/pop/ret combinations inside non-SafeSEH modules? Not an easy task. It is perfectly possible to build plugins for WinDbg, but the ones that I have found (MSEC, byakugan (Metasploit)) don’t always work the way I want them to …
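To make the search concrete, here is an added example (not the PyCommand from the post, and written without the Immunity Debugger immlib API so it runs stand-alone) of what such a helper has to do: scan a module's code bytes for pop r32 / pop r32 / ret gadgets, drop the ones that touch esp (a pop esp breaks the handler frame) unless asked otherwise, flag candidate addresses that contain bad characters, and decode the PE DllCharacteristics flags that decide whether a module is ASLR-aware. SafeSEH itself is not a DllCharacteristics flag; it is signalled by the SEHandlerTable in the Load Config directory, so that is passed in as a boolean. The byte blob and the base address 0x7C341000 are constructed for the example.

```python
"""Added example: locate pop/pop/ret SEH-handler candidates in raw code bytes.
Not the Immunity Debugger PyCommand from the post; no immlib dependency."""

# Single-byte POP r32 opcodes (0x58 + register number) for 32-bit x86.
POP_REGS = {0x58: "eax", 0x59: "ecx", 0x5A: "edx", 0x5B: "ebx",
            0x5C: "esp", 0x5D: "ebp", 0x5E: "esi", 0x5F: "edi"}

# Real IMAGE_DLLCHARACTERISTICS_* bits from the PE optional header.
DLL_DYNAMIC_BASE = 0x0040   # ASLR-aware: address changes at every load
DLL_NX_COMPAT = 0x0100      # DEP/NX compatible
DLL_NO_SEH = 0x0400         # image does not use SEH at all


def find_pop_pop_ret(data, base=0, bad_chars=b"\x00\x0a\x0d", allow_esp=False):
    """Return (address, gadget text, address free of bad chars) for every
    POP r32 / POP r32 / RET (or RET imm16) sequence in `data`."""
    results = []
    for i in range(len(data) - 2):
        r1 = POP_REGS.get(data[i])
        r2 = POP_REGS.get(data[i + 1])
        if r1 is None or r2 is None:
            continue
        if not allow_esp and "esp" in (r1, r2):
            continue  # popping esp corrupts the stack before ret executes
        op = data[i + 2]
        if op == 0xC3:
            ret = "ret"
        elif op == 0xC2 and i + 4 < len(data):
            imm = int.from_bytes(data[i + 3:i + 5], "little")
            ret = f"ret 0x{imm:x}"
        else:
            continue
        addr = base + i
        # The address is written into the SEH record little-endian, so every
        # byte of it must survive the target's input filtering.
        clean = not any(b in bad_chars for b in addr.to_bytes(4, "little"))
        results.append((addr, f"pop {r1} / pop {r2} / {ret}", clean))
    return results


def decode_dll_characteristics(value):
    """Decode the DllCharacteristics flags relevant to SEH overwrites."""
    return {"aslr": bool(value & DLL_DYNAMIC_BASE),
            "nx": bool(value & DLL_NX_COMPAT),
            "no_seh": bool(value & DLL_NO_SEH)}


def module_is_seh_candidate(dll_characteristics, has_safeseh_table):
    """A module is usable for a pop/pop/ret handler only if it is neither
    rebased by ASLR nor registered with a SafeSEH handler table."""
    flags = decode_dll_characteristics(dll_characteristics)
    return not flags["aslr"] and not has_safeseh_table


# Constructed sample "code section": two nops, three gadgets, one near miss.
SAMPLE = bytes([
    0x90, 0x90,
    0x58, 0x5B, 0xC3,              # offset 2 : pop eax / pop ebx / ret
    0x31, 0xC0,                    # xor eax, eax
    0x5C, 0x5D, 0xC3,              # offset 7 : pop esp / pop ebp / ret
    0x5E, 0x5F, 0xC2, 0x04, 0x00,  # offset 10: pop esi / pop edi / ret 4
    0x59, 0x5A, 0x90,              # pop ecx / pop edx / nop  (no ret)
])

if __name__ == "__main__":
    for addr, text, clean in find_pop_pop_ret(SAMPLE, base=0x7C341000):
        print(f"0x{addr:08x}  {text}  {'ok' if clean else 'BAD CHARS'}")
    print(decode_dll_characteristics(0x0140))
```

Running it lists the gadget at 0x7C341002 as usable and the one at 0x7C34100A as tainted, because its low byte is 0x0A; the pop esp variant at 0x7C341007 only appears with allow_esp=True. Inside a real PyCommand the same logic would run over each module's code section read via immlib and be filtered by the module flags above.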
Exploit writing tutorial part 4 : From Exploit to Metasploit – The basics
In the first parts of the exploit writing tutorial, I have discussed some common vulnerabilities that can lead to two types of exploits: stack based buffer overflows with a direct EIP overwrite, and stack based buffer overflows that take advantage of SEH chains. In my examples, I have used perl to demonstrate how to build a working exploit. Obviously, writing exploits is not limited to perl. Just about every programming language can be used to write exploits, so you can pick the one that you are most familiar with (python, C, C++, C#, etc.). Even though these custom written exploits will work just fine, it may be nice to be able to include your own exploits in the Metasploit framework in order to take advantage of some of its unique features. So …
Creating and installing lzm modules in Backtrack 2
Today, I will explain how you can create your own lzm modules and patch the BackTrack 2 final ISO file by adding your new module.
First of all, get a fresh copy of the bt2final.iso file from http://www.remote-exploit.org/backtrack_download.html
Write the ISO file to a CD and boot from it. This will load the bt2final version. By default, any changes you make to the live CD environment are lost after a reboot. You can of course install BackTrack to a hard disk or a USB stick and apply your patches afterwards, but you would still need to write some scripts to make sure changes to the filesystem are stored and used next time.
So ideally, you would want to include your custom scripts, new tools, updated tools or drivers in the ISO file itself, so you can use it to either boot from …