Guys, looking for some advice from those more knowledgeable than myself. Without giving too much away, I'm trying to prove a vulnerability and determine how a bad guy broke into a server.
I believe the entry point to be a vulnerable FTP service/daemon. I've got a PoC for Metasploit (.pm) which appears to be successful, but Framework 2 doesn't have any valid shellcode modules for my system architecture. I believe I've got a few options to go down and was hoping someone could either advise on the best route, or point out something simple that I've missed.
Possible options:
- Hard-code shellcode into a Framework 2 module
- Port the PoC exploit to Framework 3's Ruby
- Port a shellcode module from Framework 3 to Framework 2
- Take the PoC as a guide and create a custom exploit for my own testing
- .....
Each looks theoretically possible, but each also looks like it would take some time. Whilst I don't mind putting in the effort to learn something new (workload permitting, I may try each for learning purposes), I'm on a schedule to get the vulnerability cleaned up and accounted for, so I could do with some advice.
Thanks in advance,
RR
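Added example, not part of RR's post and not Metasploit code: whichever of the "hard-code shellcode" or "custom exploit" routes is taken, the shellcode that ends up in the module has to be checked against the protocol's bad characters before it is sent, because a single stray byte in the payload or the return address will truncate the FTP command and the exploit will look like it "doesn't work". The Ruby helper below does that check, builds a classic stack-overflow buffer, and emits the bytes as an escaped string literal that can be pasted into a .pm or .rb module. It assumes a 32-bit little-endian target and that NUL, CR and LF are the bad characters (typical for a line-oriented protocol like FTP, but an assumption here); the "shellcode" is a constructed placeholder of int3 breakpoints, not real shellcode.

```ruby
# Added example (not from the original post or from Metasploit).
# Assumptions: 32-bit little-endian target; NUL, CR and LF are bad characters
# because FTP commands are line-oriented. Verify both against the real target.
DEFAULT_BADCHARS = "\x00\x0a\x0d".b

# Constructed placeholder payload: four int3 breakpoints. Under a debugger this
# confirms control of EIP without running real shellcode. Not real shellcode.
PLACEHOLDER_SHELLCODE = "\xcc\xcc\xcc\xcc".b

# Returns [offset, byte] pairs for every bad byte found in the blob.
def find_bad_chars(blob, badchars = DEFAULT_BADCHARS)
  bad = badchars.b.bytes
  blob.b.bytes.each_with_index
      .select { |byte, _i| bad.include?(byte) }
      .map { |byte, i| [i, byte] }
end

# Build a classic stack-overflow buffer: padding up to the saved return address,
# the overwritten return address (32-bit little-endian), a NOP sled, then the
# shellcode. Raises if the finished buffer contains a bad character, so a bad
# return address or payload is caught before anything goes over the wire.
def build_buffer(offset:, ret_addr:, shellcode:, nop_sled: 16, badchars: DEFAULT_BADCHARS)
  buf = ("A" * offset).b
  buf << [ret_addr].pack("V")       # "V" = 32-bit unsigned little-endian
  buf << ("\x90" * nop_sled).b      # x86 NOP sled
  buf << shellcode.b
  bad = find_bad_chars(buf, badchars)
  unless bad.empty?
    raise ArgumentError, "bad characters at offsets #{bad.map(&:first).inspect}"
  end
  buf
end

# Render bytes as a "\xNN..." literal for pasting into a Perl or Ruby module.
def to_escaped_literal(bytes)
  '"' + bytes.b.bytes.map { |b| format("\\x%02x", b) }.join + '"'
end

if __FILE__ == $PROGRAM_NAME
  # Hypothetical offset and address purely to exercise the helper.
  buf = build_buffer(offset: 4, ret_addr: 0x41424344, shellcode: PLACEHOLDER_SHELLCODE, nop_sled: 4)
  puts to_escaped_literal(buf)
  begin
    build_buffer(offset: 4, ret_addr: 0x00410041, shellcode: PLACEHOLDER_SHELLCODE)
  rescue ArgumentError => e
    puts "rejected: #{e.message}"
  end
end
```

The usual workflow is to run `find_bad_chars` over the shellcode taken from the newer framework, and if it reports anything, either encode it or pick a different payload; the same check on the full buffer catches return addresses that happen to contain a NUL.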