Windows Exploit Development Basics ◾ 281
For !mona to work, we first need to set up a working folder, where mona will store everything.
You can set it up by issuing the following command:
!mona config -set workingfolder C:\mona\%p
Figuring Out Bad Characters with Mona
To find bad characters with mona, we first need to generate a byte array. We exclude \x00 and \x0a from it with the -b parameter, as they are known bad characters that might prevent our exploit from functioning properly. The command looks as follows:
!mona bytearray -b '\x00\x0a'
This generates a byte array of all the printable and nonprintable ASCII characters, excluding \x00 and \x0a.
282 ◾ Ethical Hacking and Penetration Testing Guide
We now send this byte array to the application and then use mona to compare the contents of the file with the contents of memory. We compare the bytearray.bin file, which is located under c:\mona\no_name\bytearray.bin.
Command:
!mona compare -f c:\mona\no_name\bytearray.bin
Upon execution, a file named compare.txt is created. Press Ctrl+F and search for the keyword "bad chars"; it tells us that 0d is the bad character. So we need to filter 0d out of our shellcode for our exploit to work.
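The following Python script is an added example, not code from the book or from mona itself. It reproduces the logic of the two steps above (generate a byte array minus the known bad characters, then compare what was sent with what landed in memory) and extends it to the iterative loop you repeat until the comparison is clean. The target application is simulated by a constructed callable that strips bytes it cannot accept; in a real run that callable is "send the payload, then read the memory back with !mona compare".

```python
# Added example (not from the book or from mona): bad-character detection
# as a byte-array generation + comparison loop.

def generate_bytearray(exclude=(0x00, 0x0a)):
    """All 256 byte values in order, minus the excluded ones.
    This is what '!mona bytearray -b' writes into bytearray.bin."""
    return bytes(b for b in range(256) if b not in exclude)


def compare_with_memory(sent, memory):
    """Compare the bytes we sent with the bytes found in memory.
    Returns a list of (offset, sent_byte, memory_byte) mismatches.
    memory_byte is None where memory is shorter than what we sent."""
    mismatches = []
    for i, b in enumerate(sent):
        found = memory[i] if i < len(memory) else None
        if found != b:
            mismatches.append((i, b, found))
    return mismatches


def find_bad_chars(send_and_read, exclude=(0x00, 0x0a)):
    """Iterate: send a byte array, compare, exclude the first mismatching
    byte, repeat until memory matches exactly. The first mismatch is
    attributed to the byte that was sent at that offset, because a filtered
    or translated byte usually corrupts everything after it (the same
    heuristic you apply when reading compare.txt). 'send_and_read' is an
    assumed callable standing in for sending to the app and reading memory."""
    bad = list(exclude)
    while True:
        sent = generate_bytearray(bad)
        mismatches = compare_with_memory(sent, send_and_read(sent))
        if not mismatches:
            return sorted(bad)
        bad.append(mismatches[0][1])   # never already in 'bad', so loop ends


def simulated_app(payload):
    """Constructed stand-in for the target: it drops 0x0d and 0x1a,
    the way an input routine that strips CR and EOF characters would."""
    return payload.replace(b"\x0d", b"").replace(b"\x1a", b"")


if __name__ == "__main__":
    first = compare_with_memory(generate_bytearray(),
                                simulated_app(generate_bytearray()))[0]
    print("first mismatch (offset, sent, found):", first)
    print("bad chars:", [hex(b) for b in find_bad_chars(simulated_app)])
```

Each loop iteration corresponds to one "regenerate the byte array with -b, resend, run !mona compare" cycle; the returned list is the full set of bytes to keep out of the shellcode.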