Chapter 19. Fuzzing, Porting Exploits, and Metasploit Modules

In this chapter, we will review a few more basic exploit development techniques. We will look at using a technique called fuzzing to find potential exploits in vulnerable programs. We will also cover working with public exploit code and safely porting it to meet our needs, as well as the basics of building our own Metasploit modules. Finally, we will discuss some of the exploitation mitigation techniques that our targets may have in place.

Fuzzing Programs

In Chapter 17, we exploited War-FTP version 1.65’s Username field buffer overflow with a 1,100-byte exploit string. The natural question is, how did we know that 1,100 As in the Username field would crash the program, and, more importantly, ...
