Book Image

Mastering Metasploit. - Second Edition

By : Nipun Jaswal
Book Image

Mastering Metasploit. - Second Edition

By: Nipun Jaswal

Overview of this book

Metasploit is a popular penetration testing framework that has one of the largest exploit databases around. This book will show you exactly how to prepare yourself against the attacks you will face every day by simulating real-world possibilities. We start by reminding you about the basic functionalities of Metasploit and its use in the most traditional ways. You’ll get to know about the basics of programming Metasploit modules as a refresher, and then dive into carrying out exploitation as well building and porting exploits of various kinds in Metasploit. In the next section, you’ll develop the ability to perform testing on various services such as SCADA, databases, IoT, mobile, tablets, and many more services. After this training, we jump into real-world sophisticated scenarios where performing penetration tests are a challenge. With real-life case studies, we take you on a journey through client-side attacks using Metasploit and various scripts built on the Metasploit framework. By the end of the book, you will be trained specifically on time-saving techniques using Metasploit.
Table of Contents (17 chapters)
Mastering Metasploit
Credits
Foreword
About the Author
About the Reviewer
www.PacktPub.com
Preface

Exploiting stack-based buffer overflows with Metasploit


The buffer overflow vulnerability is an anomaly where, while writing data to the buffer, it overruns the buffer size and overwrites the memory addresses. A very simple example of buffer overflow is shown in the following diagram:

The left side of the preceding screenshot shows what an application looks like. However, the right side denotes the application's behavior when a buffer overflow condition is met.

So, how can we take an advantage of buffer overflow vulnerability? The answer is straightforward. If we know the exact amount of data that will overwrite everything just before the start of EIP, we can put anything in the EIP and control the address of the next instruction to be processed. Therefore, the first thing is to figure out exact number of bytes that are good enough to fill everything before the start of the EIP. We will see in the upcoming sections how can we find the exact number of bytes using Metasploit utilities.

Crashing...