O'Reilly logo

Metasploit by Mati Aharoni, Devon Kearns, Jim O'Gorman, David Kennedy

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Porting a Buffer Overflow

Our first example is a typical remote buffer overflow that needs only a jump to the extended stack pointer (JMP ESP) instruction to reach the shellcode. This exploit, called the “MailCarrier 2.51 SMTP EHLO / HELO Buffer Overflow Exploit,” uses MailCarrier 2.51 SMTP commands to cause a buffer overflow.

Note

You’ll find the exploit and a vulnerable application at http://www.exploit-db.com/exploits/598/.

But this is an older exploit, originally written for Windows 2000. When you run it now, it doesn’t work quite as you’d expect. Conveniently, a Metasploit module is already in the Framework to implement this exploit, although it could use some improvement. After a little time investigating with varying buffer lengths, you will ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required