If calc did
not pop up for you, a small adjustment to your offset will likely fix the problem. Poke
around in memory until you find the location of your shellcode and point the return
address at that memory location.
Real-World Windows Exploit Example
In this section, we will use OllyDbg and Metasploit to build on the Linux exploit
development process covered earlier. We will show you how to go from a basic vulnerability
advisory to a basic proof-of-concept exploit.
Exploit Development Process Review
As you recall from the previous chapters, the exploit development process is
• Control eip
• Determine the offset(s)
• Determine the attack vector
• Build the exploit sandwich
• Test the exploit
• Debug the exploit if needed
NIPrint Server
The NIPrint server is a network printer daemon that receives print jobs via the
platform-independent printing protocol called LPR. In 2003, an advisory warned of a buffer
overflow vulnerability that might be triggered by sending more than 60 bytes to
TCP port 515.
At this point we will set up the vulnerable 4.x NIPrint™ server on a VMWare™ guest virtual
machine. We will use VMWare because it allows us to start, stop, and restart our virtual
machine much more quickly than rebooting.
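The advisory above describes the classic shape of this bug: a fixed-size buffer on the daemon side receives a request whose length is never checked. The following is an added example, not code from the book or from NIPrint, of what the missing check looks like on the receiving end. It is a minimal parser for LPD daemon requests (the first byte selects the command, as in RFC 1179, and the line ends with LF) that refuses any request longer than the 60-byte threshold quoted from the advisory before it interprets a single operand. The sample requests in the block are constructed for illustration.

```python
# Added example (not from the book or from NIPrint): a length-checked parser
# for LPD daemon requests in the RFC 1179 line format. The 60-byte limit is
# the threshold quoted from the 2003 advisory; the sample requests below are
# constructed for illustration.

LF = 0x0A
MAX_REQUEST = 60  # bytes; threshold quoted from the advisory text above

# RFC 1179, section 5: the first byte of a request selects the daemon command.
COMMANDS = {
    1: "print-waiting-jobs",
    2: "receive-job",
    3: "queue-state-short",
    4: "queue-state-long",
    5: "remove-jobs",
}


def parse_lpd_request(data: bytes) -> dict:
    """Parse one LPD request line and describe it as a dict.

    The length check runs first, before any byte is copied or interpreted.
    That ordering is the point: a daemon that copies the queue name into a
    fixed-size stack buffer and checks nothing is the bug the advisory warns of.
    """
    if len(data) > MAX_REQUEST:
        # Reject oversized input outright; report the length for logging.
        return {"ok": False, "reason": "oversized", "length": len(data)}
    if not data or data[-1] != LF:
        return {"ok": False, "reason": "missing-terminator", "length": len(data)}
    code = data[0]
    if code not in COMMANDS:
        return {"ok": False, "reason": "unknown-command", "code": code}
    # Operands are space-separated; the first is always the queue name.
    operands = data[1:-1].split(b" ")
    return {
        "ok": True,
        "command": COMMANDS[code],
        "queue": operands[0].decode("ascii", "replace"),
        "operands": operands[1:],
    }


def summarize_requests(requests) -> dict:
    """Count accepted requests and rejections by reason (detection-style tally)."""
    summary = {"accepted": 0}
    for req in requests:
        result = parse_lpd_request(req)
        if result["ok"]:
            summary["accepted"] += 1
        else:
            summary[result["reason"]] = summary.get(result["reason"], 0) + 1
    return summary


# Constructed sample traffic: two normal requests, one oversized queue name of
# the kind the advisory describes, and one request with an unknown command byte.
SAMPLE_REQUESTS = [
    b"\x02lp\n",                    # receive a job for queue "lp"
    b"\x04lp root\n",               # long queue-state listing for user root
    b"\x02" + b"A" * 100 + b"\n",   # 102 bytes: exceeds the 60-byte threshold
    b"\x09lp\n",                    # command byte 9 is not defined
]

if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        print(parse_lpd_request(req))
    print(summarize_requests(SAMPLE_REQUESTS))
```

The same length gate is the thing to look for when reading a patch for a bug like this, and the `summarize_requests` tally is the shape a network sensor would use to count oversized LPD requests against port 515 rather than passing them to the daemon.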