[framework] aggressive.rb
Samuel McIngvale
sam.mcingvale at u.northwestern.edu
Wed Oct 17 10:38:54 CDT 2007
The second part of the question deals with how the vulnerable server
actually works. Essentially, all testsvr.c does is read in shellcode and
then execute it. This happens at these lines:
funct = (int (*)()) buf;
(int)(*funct)();
I was wondering if there was an equivalent way to do this in ruby (execute
the shellcode). That way, the entire vulnerable server could be something
like (using metasploit functions):
create_tcp_Server
buf = sock.get()
return into buf # somehow execute buf, which is just shellcode
Thanks.
On 10/16/07, mmiller at hick.org <mmiller at hick.org> wrote:
>
> On Tue, Oct 16, 2007 at 09:46:20PM -0500, Samuel McIngvale wrote:
> > I was wondering if the source code for the service aggressive.rb exploits is
> > available anywhere. I know I could write something, but I'm really hoping
> > my laziness pays off. However, I was considering writing something using
> > the tcp_server methods metasploit makes available, the only problem is I
> > don't know how to simply execute shellcode in ruby. Any ideas as to how
> > this works would be helpful and may stimulate me to actually write some
> > original code.
>
> I committed the source/binary for the test server that can be used with
> the test/aggressive exploit. You can find it in trunk under:
>
> documentation/samples/vulnapps/testsrv
>
> I'm not sure what you mean by the second part of your question. Ruby
> doesn't actually execute the shellcode, it just generates a buffer
> containing the shellcode and passes it over the wire to the target. The
> target eventually executes the shellcode.
>