This tool finds the offset in an exploit string at which the address that overwrites EIP must be placed. It does the same job as the pattern_create and pattern_offset scripts from Metasploit, pvefindaddr, and Mona.
Explanation
After proving that a program is exploitable (typically with a long run of "AAAAA..." or similar), use Step 1 to create a string in which every group of 4 consecutive characters is unique. Send this string in place of the "AAAAA..." overflow string and, in a debugger, copy the value of EIP (e.g. "0x61433861") after the crash (segmentation fault, etc.). Paste this 4-byte value into Step 2 and push the button to find the offset at which the address of your shellcode or NOP sled must appear in the overflow string.
NOTE: If the "extended" string set or a custom string set is used in Step 1, the identical string set must be used in Step 2, or the reported offset will be wrong.
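The two steps above, written out as a small added example (my own code, not the page's tool or Metasploit's scripts; the names pattern_create, pattern_offset and build_payload are borrowed from the Metasploit naming only for familiarity). It uses the page's example EIP value 0x61433861 and a hypothetical return address 0xDEADBEEF purely to show the layout of the final string. One detail the explanation glosses over: x86 is little-endian, so the register value the debugger prints is the stack bytes in reverse order, and a lookup by hex value has to byte-swap before searching. The example also shows why the NOTE matters: the same 4 characters give a different offset, or no hit at all, when the character sets differ between creation and lookup, and it refuses to generate a pattern longer than the length at which 4-character windows stop being unique.

```python
import re
import string
import struct

# Default sets are the ones Metasploit's pattern_create.rb uses; the tool on this
# page calls them the first, second and third set. Any three strings will do,
# as long as the same three are used for creation and for the offset lookup.
DEFAULT_SETS = (string.ascii_uppercase, string.ascii_lowercase, string.digits)


def max_unique_length(sets=DEFAULT_SETS):
    """Length after which the pattern repeats and offsets become ambiguous
    (26 * 26 * 10 * 3 = 20280 characters for the default sets)."""
    first, second, third = sets
    return len(first) * len(second) * len(third) * 3


def pattern_create(length, sets=DEFAULT_SETS):
    """Return `length` characters of the cyclic pattern Aa0Aa1Aa2...Aa9Ab0...
    Every 4-character window is unique within one cycle of the pattern."""
    if length > max_unique_length(sets):
        raise ValueError("a pattern longer than %d would repeat" % max_unique_length(sets))
    first, second, third = sets
    triplets = (a + b + c for a in first for b in second for c in third)
    out = []
    for t in triplets:
        out.append(t)
        if len(out) * 3 >= length:
            break
    return "".join(out)[:length]


def pattern_offset(pattern, value):
    """Find where `value` sits in `pattern`.

    `value` is either the 4 characters seen on the stack (e.g. "a8Ca") or the
    register value as the debugger prints it, with a 0x prefix (e.g. "0x61433861").
    Because x86 is little-endian the register shows the bytes reversed:
    0x61433861 was 'a','8','C','a' in memory, so the hex form is byte-swapped
    before searching. Returns the offset, None if absent, and raises if the
    needle occurs more than once (pattern longer than one cycle).
    """
    if value.lower().startswith("0x"):
        needle = struct.pack("<I", int(value, 16)).decode("latin-1")
    else:
        needle = value
    hits = [m.start() for m in re.finditer(re.escape(needle), pattern)]
    if not hits:
        return None
    if len(hits) > 1:
        raise ValueError("needle found at %r; pattern is not unique" % hits)
    return hits[0]


def build_payload(offset, ret_addr, shellcode, nop_count=16):
    """Lay out the final overflow string: filler up to the return-address slot,
    the address of the NOP sled (little-endian), then the sled and the shellcode.
    `ret_addr` is assumed to point into the sled; the caller must find it."""
    return b"A" * offset + struct.pack("<I", ret_addr) + b"\x90" * nop_count + shellcode


if __name__ == "__main__":
    # Step 1: send this in place of "AAAA..."; Step 2: look up the crash value.
    pat = pattern_create(3000)
    off = pattern_offset(pat, "0x61433861")        # the example value from the page
    print("EIP is overwritten at offset", off)     # 1585
    # Hypothetical return address and an int3 as stand-in shellcode, to show the layout only.
    payload = build_payload(off, 0xDEADBEEF, b"\xcc")
    print(len(payload), "byte payload; bytes at the EIP slot:", payload[off:off + 4].hex())
```

Looking up "a2Ab" in a pattern built from the custom sets ("ABC", "abc", "012") returns 7, while the same needle is absent from a default-set pattern, which is exactly the mismatch the NOTE warns about.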
To Do
This currently supports only printable ASCII characters, but I will be adding support for non-printable characters in the \xNN format as time allows. It could also use more error checking to prevent accidental mistakes.
If you are not sure how this tool works, or are otherwise new to software security, vulnerabilities, and hacking, I would highly recommend the book “Hacking: The Art of Exploitation”. It is the easiest book to read and understand that I have found on the subject (affiliate link below).