Thursday, December 17, 2009
Advisory To Exploit Using Metasploit
The purpose of this paper is to show the process of taking a vulnerability advisory and turning it into a working real-world exploit. To show the process, we will use tools such as IDA Pro from Hex-Rays, Filemon and PipeList from Microsoft Sysinternals, and the Metasploit Framework. IDA Pro will be used to reverse engineer the application, and the Metasploit Framework will be used to test and develop the exploit code. IDA Pro is the only commercial tool in this arsenal, but OllyDbg or WinDbg could be used for the same reverse engineering process. You could also opt to use the free version of IDA Pro 4.9 available on the Hex-Rays website.