Metasploit mailing list archives
Porting exploit to win2k3 sp2
From: jerome.athias at free.fr (Jerome Athias)
Date: Fri, 27 Jul 2007 17:27:11 +0200
Konrads Smelkovs wrote:
Hello, I found a useful exploit in the framework - 3cdaemon_ftp_user.rb . However, it has the jumpcodes(?) only for nt/2k/xp and I need it for win2k3 sp2. How to port it? Perhaps somebody already has done so?

--
Konrads Smelkovs
Applied IT sorcery.
Hi Konrads,

the jumpcodes (called "opcodes" in the Metasploit family) have to be modified. In fact, you have to add a new line, as a new target, in the exploit module code.

To retrieve an opcode for your target, you have to:

1) Search for one in the msfopcodes database http://www.metasploit.com/opcode_database.html or here: https://www.securinfos.info/international-opcodes/index.php (not updated actually :-/)

or

2) Run one of these tools on it (or on a clone, meaning: same OS, locale, SP, and if possible level of patches installed; assuming all are installed is a good way):

* msfpescan (used with memdump.exe)
  You can find an overview of msfpescan here:
  The Metasploit website, always THE place to find information about the MSF
  The Metasploit Framework book: http://en.wikibooks.org/wiki/Metasploit/WritingWindowsExploit#Finding_a_return_address
  hxxp://www.securityfocus.com/infocus/1800

or:

* findjmp2 by class101 https://www.securinfos.info/outils-securite-hacking/Findjmp2.zip
* eereap by eEye

Good luck!
/JA

Jerome Athias, Founder
https://www.securinfos.info

PS1: you should have to change the offset and/or deal with the new protection mechanisms introduced in Windows 2003 (DEP...)
PS2: I have written an article for Hakin9 about how to write exploit modules for the MSF v3. It should be available in the coming months (in both US and French versions)
PS3: is copyrighted by Sony

Non-profit spam: retrieve the top killer coding ninja monkeys at VNSECON07, http://conf.vnsecurity.net/

Tags:
How to modify a Metasploit exploit module
How to retrieve a return address (opcode) for a Windows exploit
How to add a target in a Metasploit Framework exploit module
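As an added illustration of the "add a new target line" step in the reply above (this is example code, not the 3cdaemon_ftp_user.rb module or any Metasploit code), the block below shows the shape of a Metasploit 3 module's target table in plain Ruby: each entry pairs a target name with a 'Ret' address, the selected entry's address is packed little-endian the way the framework does with pack('V'), and a sanity check verifies the packed address contains none of the bytes the protocol would mangle. All addresses are constructed placeholders, not real Windows 2003 SP2 opcodes; the badchars set is an assumption chosen for an FTP USER command.

```ruby
# Example only: a stand-alone model of the per-target return-address table
# that an MSF v3 exploit module keeps in its 'Targets' array.
# Addresses below are CONSTRUCTED PLACEHOLDERS, not real opcode addresses.
TARGETS = [
  # [ target name, { 'Ret' => address of the chosen opcode (e.g. jmp esp) } ]
  ['Windows NT/2000/XP (placeholder)',  { 'Ret' => 0x41414141 }],
  # Porting to a new OS/SP means adding a line like this with an address
  # looked up in the opcode database or found with msfpescan/findjmp2.
  ['Windows 2003 SP2 (placeholder)',    { 'Ret' => 0x42424242 }],
]

# Bytes an FTP USER command cannot carry intact (assumed set for this example):
# NUL terminates C strings, CR/LF terminate the command line.
DEFAULT_BADCHARS = "\x00\x0a\x0d"

# Resolve a target by index, like the framework does from the TARGET option.
def select_target(index)
  entry = TARGETS[index]
  raise ArgumentError, "unknown target index #{index}" unless entry
  name, opts = entry
  { name: name, ret: opts['Ret'] }
end

# Pack a 32-bit address little-endian, as MSF does with [ret].pack('V').
def pack_ret(ret)
  [ret].pack('V')
end

# Check whether the packed address would survive the protocol: any byte of the
# address that appears in the badchars set makes this 'Ret' unusable.
def ret_contains_badchars?(ret, badchars = DEFAULT_BADCHARS)
  bad = badchars.bytes
  pack_ret(ret).bytes.any? { |b| bad.include?(b) }
end

# Walk the table and report which targets have a protocol-safe 'Ret'.
def audit_targets(badchars = DEFAULT_BADCHARS)
  TARGETS.each_with_index.map do |(name, opts), i|
    { index: i, name: name, ret_ok: !ret_contains_badchars?(opts['Ret'], badchars) }
  end
end

if __FILE__ == $PROGRAM_NAME
  audit_targets.each do |t|
    printf("%d) %-36s Ret=%s %s\n", t[:index], t[:name],
           pack_ret(TARGETS[t[:index]][1]['Ret']).unpack1('H*'),
           t[:ret_ok] ? 'ok' : 'contains badchars')
  end
end
```

The 'Ret' value for a real target is the address found via the database or scanner named in the reply; the check here only tells you whether that address can be transmitted unchanged, it says nothing about DEP on Windows 2003, which PS1 raises separately.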
Current thread:
- Porting exploit to win2k3 sp2 Konrads Smelkovs (Jul 27)
- Porting exploit to win2k3 sp2 Jerome Athias (Jul 27)