• Slides (start at slide 25)

As mentioned in the video, the homework for this week is to turn your exploit for homework.exe into a Metasploit Module. The best documentation for Metasploit is online and it is probably easiest to find a sample exploit and work from there. The Metasploit wikibook has a page on writing Windows exploits that is a good place to start. Keep in mind, though, that the exploit in the wikibook uses the send_cmd function, which is FTP specific. You will want to use "sock.put" instead.

For some good examples, look at the following modules included with Metasploit:

• modules/exploits/windows/lpd/niprint.rb
• modules/exploits/windows/proxy/ccproxy_telnet_ping.rb

As a final note, the instructors strongly suggest that you launch your Metasploit exploits from Linux, OSX, or Cygwin on Windows (essentially, anything but the Windows installer).

Reading Material

• A collection of win32 shellcode
• Win32 Assembly Components by LSD
• UNIX Assembly Codes Development for Vulnerabilities Illustration Purposes by LSD
• Return-Oriented Programming: Exploits Without Code Injection
• Attacking the Core: Kernel Exploiting Notes
• Offensive Security's Metasploit Unleashed open course

If you passed this section with ease and understand most of the reading material above, you might want to try taking Immunity's Network Offense Professional certification. Good luck!

• Slides

Your assignment is to write an exploit for homework.exe on Windows 2000 using the attached shellcode. The shellcode is provided as a Ruby string, but an exploit written in any language is acceptable (Perl, Python, C, etc.).

• homework.exe
• shellcode.rb

Reading Material

• The demo.exe binary and its source code
• Advanced Windows Buffer Overflows (AWBOs)
• Guide to the AWBOs
• MS08-067 - Sourcefire Vulnerability Research Team Report
• Peter Van Eeckhoutte's Exploit Writing Tutorials

A video I made that shows basic debugging for exploit development with a vulnerability in WarFTPD 1.65.