Format string attacks remain difficult in both software and hackademic exercises as the techniques have not improved since their discovery. This session demonstrates advanced format string attack techniques designed to automate the process from creation to compromise as well as incorporate those techniques into the Metasploit framework. The audience is encouraged to bring a basic understanding of format string attacks in order to leave the presentation with the tools necessary to never write one again.
Install the latest version of the Metasploit 4 Framework (MSF4) on Ubuntu 11.04 Natty Narwhal using the following commands. This downloads and installs the generic Linux binary which comes bundled with all the necessary components you need for Metasploit to install and run. This should work for most users and is the easiest way to get Metasploit Framework running under Ubuntu and other Debian based Linux distros quickly.
In a Terminal type the following
If you’re installing on a 64bit build of Ubuntu, use this instead
This downloads the current version of the Metasploit framework via wget.
Before you can run the installer you need to make it executable.
chmod +x framework-4.*-linux-full.run
And now execute the installer.
Assuming all went well MSF 4 should now be installed. You should update it before running it.
Now run it.
You should now be rewarded by one of the awesome ascii art logos and a functional Metasploit install.
If this fails for any reason you’ll want to do a manual install instead, which is a bit more complicated but if followed correctly should get you up and running. Find the official directions at Rapid7