Friday, January 7, 2011

Fuzzing and Exploit Development with Metasploit - Louisville Metasploit Class

Originally posted on: TUESDAY, MAY 4, 2010 AT 5:17PM

On May 8th the Kentucky ISSA held a training in Louisville, KY. I was asked to teach the section on Fuzzing and Exploit Development. Having only an hour to cover this VERY complex topic, I demonstrated a basic buffer overflow. We start with fuzzing and go through the basic steps of exploit development. This is an old, well-known exploit, but it demonstrates the important principles. Feel free to follow along with the videos and post any questions in the comments section.

Talk: Video

Slides: Download

Download Immunity DBG - Go To Immunity

Download Files - Here

Copy the simple_fuzzer.rb file to %MSFROOT%/modules/auxiliary/fuzzers/tftp/

Copy the tftp32-* files to %MSFROOT%/modules/exploit/windows/priv/

Note: On BackTrack, %MSFROOT% is /pentest/exploit/framework3

Note: You will need to create the tftp and priv folders.

Part One - Fuzzing with Metasploit



Part Two - Finding EIP


Part Three - Build the Exploit


Part Four - Find EIP Offset


Part Five - Add and Test EIP Overwrite


Part Six - Add Shellcode

5 comments:

  1. Hi NullThreat,

    Unable to access files & slides at
    http://dl.dropbox.com/u/5871175/SploitClass.zip
    http://dl.dropbox.com/u/5871175/metasploitclass.pdf

    Access Denied. So could you please share them again?

  2. Infosec,

    The links seem to be working. If you are still having trouble, email me at nullthreat(AT)gmail(DOT)com

  3. Have you tried creating a fuzzer for webs?

  4. Hey, I just finished watching this (actually got it as one big AVI off Crenshaw's site) and this is some really, really great stuff. Can you point me in the right direction to get good at this quickly?

    I'm looking to:
    (*) Learn shellcoding
    (*) Learn to use a debugger in this capacity
    (*) Learn all those fun little tricks besides the really basic exploit you showed that everybody kept teasing you for
    (*) Learn what I'm supposed to be asking to learn.

    I've got a working knowledge of assembler from core war and some programming experience, but no network programming experience, so that's probably something I should look into as well.

    Thanks in advance

  5. Very nice tutorials on fuzzing, keep posting; we have a lack of documentation about fuzzing when it comes to direct application.
