Handy Tools and Commands useful during Exploit Development.
Fuzzing with SPIKE
Below is a sample SPIKE script which first waits for one second, then reads the banner lines sent by the server, sends “LOGIN user passwd” to the server, and reads the server's reply again.
With the application or service attached to a debugger, check whether it crashes anywhere while being fuzzed; if it does, identify the crash point, the registers you control, and the total buffer length.
Find offset using Metasploit
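As an added example (not code from the original page, and not Metasploit's own Ruby), the following Python reimplements the logic of pattern_create and pattern_offset used for crash triage: a cyclic pattern in which every 4-byte window is unique, so the bytes that land in a register at the crash identify their offset in the buffer. The crash value 0x39654138 and the 500-byte send length are constructed sample values.

```python
import string
import struct
from typing import Optional, Union

# pattern_create walks uppercase, lowercase and digit sets in nested loops,
# emitting 3-byte groups ("Aa0", "Aa1", ...); any 4-byte window is unique
# within one full period (26 * 26 * 10 * 3 = 20280 bytes).
_UPPER = string.ascii_uppercase
_LOWER = string.ascii_lowercase
_DIGITS = string.digits
PERIOD = len(_UPPER) * len(_LOWER) * len(_DIGITS) * 3


def pattern_create(length: int) -> bytes:
    """Return `length` bytes of the cyclic pattern, in pattern_create order."""
    if length > PERIOD:
        raise ValueError(f"length {length} exceeds the unique period of {PERIOD}")
    out = bytearray()
    for up in _UPPER:
        for lo in _LOWER:
            for dg in _DIGITS:
                out += (up + lo + dg).encode()
                if len(out) >= length:
                    return bytes(out[:length])
    return bytes(out)


def pattern_offset(value: Union[int, bytes], length: int = PERIOD) -> Optional[int]:
    """Offset of a crash value inside the pattern, or None if it is not part of it.

    `value` is either the raw bytes found in a register or buffer, or the
    32-bit integer a debugger displays (e.g. EIP = 0x39654138); the integer
    is converted to little-endian byte order before searching, which is how
    the bytes actually sit in memory on x86.
    """
    needle = struct.pack("<I", value) if isinstance(value, int) else value
    idx = pattern_create(length).find(needle)
    return None if idx < 0 else idx


if __name__ == "__main__":
    # Constructed triage walk-through: a 500-byte pattern was sent and the
    # debugger reported EIP = 0x39654138 at the crash.
    buf = pattern_create(500)
    print(buf[:24])                      # b'Aa0Aa1Aa2Aa3Aa4Aa5Aa6Aa7'
    print(pattern_offset(0x39654138))    # 146: EIP holds pattern bytes 146..149
```

The offset tells you where in the buffer the saved return address sits; the same search on the bytes found in other registers (or on the stack at ESP) shows which other parts of the buffer you control, which is the triage information the previous paragraph asks for.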
Handy Mona Commands while debugging
Download mona from Corelan and place the “mona.py” file in the “PyCommands” folder of Immunity Debugger.
Payload Generation with MSFvenom
Compiling & Extracting Shellcode from a Binary
Basically this loops through memory searching for the string “w00t” (\x77\x30\x30\x74). Once it finds the egg “w00t” twice in a row (“w00tw00t”), it breaks out of the loop and continues execution at the shellcode placed immediately after “w00tw00t”.
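As an added example (not code from the original page), the following Python models the matching rule described above over a constructed memory image: the tag has to appear twice back to back, so the single copy embedded in the hunter's own code is skipped and only the doubled marker locates the payload. The offsets 0x80 and 0x1100 and the 0xCC filler standing in for the payload bytes are constructed sample values.

```python
from typing import Optional

EGG = b"\x77\x30\x30\x74"   # "w00t", the tag used on the page
PAGE_SIZE = 4096


def find_egg_payload(memory: bytes, egg: bytes = EGG) -> Optional[int]:
    """Return the offset just past the first back-to-back pair of `egg`, or None.

    This mirrors the hunter's check: one copy of the tag (the one inside the
    hunter's own code) is not enough; the tag must occur twice in a row.
    """
    if len(egg) != 4:
        raise ValueError("egg tags are 4 bytes")
    marker = egg + egg
    idx = memory.find(marker)
    return None if idx < 0 else idx + len(marker)


def build_sample_image(hunter_at: int, payload_at: int, payload: bytes,
                       size: int = 3 * PAGE_SIZE) -> bytes:
    """Constructed memory image: the hunter's lone tag copy at `hunter_at`,
    the doubled tag followed by `payload` at `payload_at`, zero fill elsewhere."""
    image = bytearray(size)
    image[hunter_at:hunter_at + len(EGG)] = EGG
    marked = EGG + EGG + payload
    image[payload_at:payload_at + len(marked)] = marked
    return bytes(image)


if __name__ == "__main__":
    stub = b"\xcc" * 16                          # constructed stand-in for payload bytes
    img = build_sample_image(0x80, 0x1100, stub)
    start = find_egg_payload(img)
    print(hex(start))                            # 0x1108: the lone copy at 0x80 was skipped
    print(img[start:start + len(stub)] == stub)  # True
```

The doubled tag is what makes the search unambiguous: the hunter's own code necessarily contains the 4-byte value it compares against, so matching a single occurrence would find the hunter itself before the payload.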
Basic Exploit skeleton
A handy program for extracting the address of a specific function within a given DLL; the utility can be downloaded from Fuzz Security.