
Metasploit: forward/backward porting


RoleReversal

Hero Member

Posts: 929

Joined: Fri Jan 04, 2008 8:54 am

Location: UK

Post Thu Dec 04, 2008 11:54 am

Metasploit: forward/backward porting

Guys, looking for some advice from those more knowledgeable than myself. Without giving too much away, I'm trying to prove a vulnerability and determine how a bad guy broke into a server.

I believe the entry point to be a vulnerable FTP service/daemon. I've got a PoC for Metasploit (.pm) which appears to be successful, but framework 2 doesn't have any valid shellcode modules for my system architecture. I believe I've got a few options to go down and was hoping someone could either advise on the best route, or point out something simple that I've missed.

Possible options:
  • Hard-code shellcode into framework 2 module
  • Port PoC exploit to Framework 3's ruby
  • Port a shellcode module from framework3 to framework 2
  • Take PoC as guide and create custom exploit for my own testing
  • .....

Each looks theoretically possible, but each also looks like it would take some time. Whilst I don't mind putting in the effort to learn something new (workload permitting, I may try each for learning purposes), I'm on a schedule to get the vulnerability cleaned up and accounted for, so could do with some advice.

Thanks in advance,
RR

apollo

Full Member

Posts: 147

Joined: Fri Apr 04, 2008 7:44 pm

Post Thu Dec 04, 2008 12:18 pm

Re: Metasploit: forward/backward porting

I would say it depends on the size and complexity of the exploit. If it is an extremely complex module, I'd backport shellcode from msf3; if it is a pretty simple one I'd port the exploit; or if you think you are going to use this exploit again in the future I'd port to msf3, since the options for things you can do seem to keep getting larger under the msf3 platform.

Also, in theory, you could hardcode your payload into the exploit with the Perl output from msfpayload and then just use the handler capabilities of the module that you borrowed from msf3 with the closest things that match in the msf2 framework.
CISSP, CSSLP, MCSE+Security, MCTS, CCSP, GPEN, GWAPT, GCWN, NOP, OSCP, Security+
