Hello my name is guiltyfan and I will be needing some serious help today. for my uni coursework i need to write exploit for one of the holes in win xp sp3 i decided to chose MS08-067(i am working with clear instalation of sp3 no patches and no updates) my problem is i am not familiar with rpc methodology and dont have a clue how malicious rpc messege shold look like. i would apreciate any help in that matter. i dont want ready work or code itself since it should be learning process not copy/paste. i still have like 6 weeks so its plenty of time to learn this and that i just need a starting point and some guide lines. thanks for your time

ps. i am aware this hole has and exploit in metasploit but as i said its coursework and learning process.

Developing my first exploit took me a total of 17 days, 17 days of pain

My first exploit took advantage of a BoF in a free FTP server, so was completely remote

I downloaded a vulnerable app from exploit-db.com, after that I completely ignored the original exploit and built my own fuzzer in python

I did everything manually to hopefully get me to truely understand every step that was happening

I knew about the theory behing a BoF exploit, but I'd never seen one nor had I used one, so I was completely in the dark here, but Google was there for me

The fuzzer that I made was taken from a few sources and I edited the code to suit my needs, and finally after my fuzzer was working as intended (I had to learn some python code) I managed to crash the application

The first stage took me only a few hours, but find EIP and ESP took much much longer, I think I spent 2 days on finding EIP as the random chars stuff to find out what bytes reside at EIP didn't work for me, at the time I just did it manually, but I'm glad I did now as I feel that I truely understand the concepts behind stack based buffer overflows

well first of all thanks for response.

@cd1zz i found that rfc and had a brief look it seams like a nice source of info i will read the whole thing tomorow in my lab sesion

@TheXero i have done some BoF before although it wasnt very successful i figured it would be trouble some and because i wasnt that intrested in hacking and exploit at that point of time i kind of skiped this part. now i see i was a fool

@apollo just like rfc i will have a read in my lab sesion tomorow, and also i decided i would program it in ruby sincei have some previous experience with it.

thanks for help guys i really apreciate it. i might not replay to posts for next couple of days as i would like to get some practical done but if  ever get stuck i will bug you again