Metasploit mailing list archives

MSF Exploit writing little tutorial


From: tyronmiller at gmail.com (Ty Miller)
Date: Wed, 20 Dec 2006 15:17:35 +1100

Hi Jerome,

Nice work. The article is really good.

I have been a pen tester for a while and have been meaning to get into
exploit development over the past few months, but haven't managed to find a
decent exploit tutorial - especially using Metasploit.

If anyone has any suggestions as to what I should do or read to get myself
up to speed in exploit development, it would be appreciated if you could
pass on your handy hints.

Thanks,
Ty

-----Original Message-----
From: Jerome Athias [mailto:jerome.athias at free.fr] 
Sent: Tuesday, 19 December 2006 9:21 PM
To: framework at metasploit.com
Subject: [framework] MSF Exploit writing little tutorial

by: Cyberheb

| --- Intro

Hi there, 

I made this article in order to show you how to use the Metasploit
framework for creating exploits.

Through this article, I'll show you how to make a simple exploit which is
part of the Metasploit framework and use its features to make exploit
development more efficient. First of all, we need to create a simple
vulnerable server which can be exploited; this vulnerable server has a
stack buffer overflow hole and is easy to exploit. I'll take this simple
vulnerable server from preddy's article, which was posted on milw0rm a few
months ago (see under reference for preddy's article); you can look at
preddy's article for the details on exploiting this server application.
I'll only show you some important details related to this article.


http://www.milw0rm.com/papers/125

...




    MERRY CHRISTMAS!              __ _ __ ___
          &                  _ __'.:;.:;.:;.:`
    HAPPY NEW YEAR!        _'.:;.:;.:;.:;.:;.:`
                          '.:. , :`,.,`;'/`__ _` _
                         '..:;.;'.:,.;.:;\      (_)
                       -__ --_-_-_-__---_-)
                      (                    )
   ____               (_- -__-_-__-____-__-)
  /####\ /\            |  ,~~~'  `~~~.   %@
  |#####\#|             )  ><@>  <@><    %@%
  |#######|            /      /          %@p
   \######|            ( *   (_c)   * )  % %      .0day0day.
    |#####|             \ '%@%@%@%@`, %@%@       .0day0day\x.
    /#####\         _ _ d%@ `----' @%@%@ \ _ _ _.0day0day0dayz.
    ~~~~~~~       ':;.;%@@%@%@%@%@%@@%p  /.:;.:;0day0day0daymsf.
     `.:;.'     ':;.;%@@%@%@@%@%@%@%@ :: ____xxx0day0day0day0day.
     :.:;.:`   ':;.:d%@%@%@%@%@%@@%@%.:;/####\/\.:;\x0day0day0day
     :.:;.:;` ';.;;.%@%@@%@%@@%@%@%@p.:;|#####\#|.:;\x0day0day0day.
     :.:;.:;./;.;;.;%@%@%@%@%@%@%@%@ ::.'\######|.:;\\x0day0day0day
     :.:;.:;.|:.;.;.% %@%@%@%@%@% % :  ..\\#####|.:;.\\x0day0daymsf
     :.:;.:;/:;.;.:;.q%@%@@%@%@ %p.:;.%hdm|#####\.:;.\\x0day0day\x
     :.:;.:;|:;.:;.;;;%@%@@% %.:;.:;.r00t. ~~~~~~ .:;.|x0day0day\x.
     :.:;.:/.:;.:;.:;.: o  .:;.:;.:;....:;/.:;.:;\.:;.|\x0day0dayz.
      `.:;.|:;.:;;;.:;.    .:;;;;;;;;;;;;;|.:;.:;.\.:;\\x0day0day.
       `::/:;;;.:;;.:; o  .:;.;;.:;;;.:;.:|.:;.:;.:\.:;\\x0dayvnm
          ;.:;;.:;;.:     :;;;.:;.:;.:;.:;\.:;.:;.:;.:;|xxmsfxx.
          :::;.:;.:;. o  ..:;.:;.:;;;;.;;;;\.:;.:;.:;.:|msfmsf.
          :::;.:;;.:     .:;;;;;;;;.:;.:;;;|.:;.:;.:;./mm\xm.
          ;.:;.:;.;. o   .:;.;.:;;.:;.:;.:;.\________/mmmsf.
          :.:;;;.;;;     .:;;.:;.:;;.:;.:;.:;.;.:;;;;`mmsf
           `#######xMSFxx###########################
            #######xMSFxx###########################
           '::;;;.;; o  :;;;.:;.:;;.;;;;;;;;;;;.:;.:`  (H.Classen)

/JA



