Metasploit mailing list archives

aggressive.rb


From: sam.mcingvale at u.northwestern.edu (Samuel McIngvale)
Date: Wed, 17 Oct 2007 10:38:54 -0500

The second part of the question deals with how the vulnerable server
actually works.  Essentially, all testsvr.c does is read in shellcode and
then execute it.  This happens at these lines:

funct = (int (*)()) buf;
(int)(*funct)();

I was wondering if there was an equivalent way to do this in ruby (execute
the shellcode).  That way, the entire vulnerable server could be something
like (using metasploit functions):

create_tcp_Server
buf = sock.get()
return into buf  # somehow execute buf, which is just shellcode

Thanks.

On 10/16/07, mmiller at hick.org <mmiller at hick.org> wrote:

On Tue, Oct 16, 2007 at 09:46:20PM -0500, Samuel McIngvale wrote:
I was wondering if the source code for the service aggressive.rb exploits is
available anywhere.  I know I could write something, but I'm really hoping
my laziness pays off.  However, I was considering writing something using
the tcp_server methods metasploit makes available, the only problem is I
don't know how to simply execute shellcode in ruby.  Any ideas as to how
this works would be helpful and may stimulate me to actually write some
original code.

I committed the source/binary for the test server that can be used with
the test/aggressive exploit.  You can find it in trunk under:

documentation/samples/vulnapps/testsrv

I'm not sure what you mean by the second part of your question.  Ruby
doesn't actually execute the shellcode, it just generates a buffer
containing the shellcode and passes it over the wire to the target.  The
target eventually executes the shellcode.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.metasploit.com/pipermail/framework/attachments/20071017/4f99f058/attachment.htm>

