Metasploit mailing list archives
aggressive.rb
From: sam.mcingvale at u.northwestern.edu (Samuel McIngvale)
Date: Wed, 17 Oct 2007 10:38:54 -0500
The second part of the question deals with how the vulnerable server actually works. Essentially, all testsvr.c does is read in shellcode and then execute it. This happens at these lines:

    funct = (int (*)()) buf;
    (int)(*funct)();

I was wondering if there was an equivalent way to do this in ruby (execute the shellcode). That way, the entire vulnerable server could be something like (using metasploit functions):

    create_tcp_Server
    buf = sock.get()
    return into buf # somehow execute buf, which is just shellcode

Thanks.

On 10/16/07, mmiller at hick.org <mmiller at hick.org> wrote:
> On Tue, Oct 16, 2007 at 09:46:20PM -0500, Samuel McIngvale wrote:
> > I was wondering if the source code for the service aggressive.rb exploits is available anywhere. I know I could write something, but I'm really hoping my laziness pays off. However, I was considering writing something using the tcp_server methods metasploit makes available, the only problem is I don't know how to simply execute shellcode in ruby. Any ideas as to how this works would be helpful and may stimulate me to actually write some original code.
>
> I committed the source/binary for the test server that can be used with the test/aggressive exploit. You can find it in trunk under:
>
>     documentation/samples/vulnapps/testsrv
>
> I'm not sure what you mean by the second part of your question. Ruby doesn't actually execute the shellcode, it just generates a buffer containing the shellcode and passes it over the wire to the target. The target eventually executes the shellcode.