To port the PoC exploit to the Metasploit Framework, we can use the example.rb template in the /usr/share/metasploit-framework/modules/exploits folder.
- Now that we have enough information about how the PoC exploit works, we can start by including the mixins we will need:
    include Msf::Exploit::Remote::Seh
    include Msf::Exploit::Remote::Egghunter
    include Msf::Exploit::Remote::HttpClient
- Then, we will specify the bad characters that should not be used in the payload:
    'Payload' =>
      {
        'BadChars' => "\x00\x09\x0a\x0d\x20",
      },
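The framework filters these bytes out while encoding, but a hand-built buffer (egg tag, padding, a generated stage) can still reintroduce one, and a single stray byte is enough to truncate or corrupt the payload in transit. The following Ruby helper, added here as an example and not taken from the original tutorial or from Metasploit itself, checks a buffer against the same BadChars list and reports every offending byte with its offset; the sample buffers are constructed for the demonstration and are not real payload data.

```ruby
# Added example (not part of the original tutorial): verify a buffer against
# the module's 'BadChars' list before it is handed to a module.

# Same bad-character list as in the module's 'Payload' hash.
BAD_CHARS = "\x00\x09\x0a\x0d\x20".b

# Return [offset, byte] pairs for every byte of buf that is in bad_chars.
# An empty array means the buffer is clean.
def find_bad_chars(buf, bad_chars = BAD_CHARS)
  bad = bad_chars.b.bytes
  hits = []
  buf.b.each_byte.with_index do |byte, offset|
    hits << [offset, byte] if bad.include?(byte)
  end
  hits
end

# true when no bad character occurs anywhere in buf.
def clean?(buf, bad_chars = BAD_CHARS)
  find_bad_chars(buf, bad_chars).empty?
end

# Human-readable report, one line per offending byte.
def report(buf, bad_chars = BAD_CHARS)
  hits = find_bad_chars(buf, bad_chars)
  return "clean (#{buf.bytesize} bytes)" if hits.empty?
  hits.map { |off, b| format("offset %d: 0x%02x", off, b) }.join("\n")
end

# Every byte value 0x00..0xff except the bad characters: the usual probe
# string used to confirm that a bad-character list is complete.
def probe_bytes(bad_chars = BAD_CHARS)
  bad = bad_chars.b.bytes
  (0..255).reject { |b| bad.include?(b) }.pack('C*')
end

# Constructed sample buffers (not shellcode): the first contains a tab
# at offset 2 and a NUL at offset 4.
SAMPLE_DIRTY = "\x41\x42\x09\x43\x00".b
SAMPLE_CLEAN = "\x41\x42\x43\x44".b

if __FILE__ == $PROGRAM_NAME
  puts report(SAMPLE_DIRTY)
  puts report(SAMPLE_CLEAN)
  puts "probe length: #{probe_bytes.bytesize}"
end
```

Run the file directly to see the offsets for the dirty sample; drop the helper into a spec or a pre-commit check so a module's static buffers are validated against its own BadChars list whenever it changes.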
- Next, we move on to the target information, where we specify the number of bytes needed to overwrite the next SEH record (the Offset value) and the address of the POP POP RET instruction sequence:
'Targets' ...