Ok, I understand the principles of all this.
Just a couple of questions so I can understand if I need it explained, etc.
In the first Python script, when you did
import socket
and then the IP.
QUESTION 1
Obviously this IP is the IP of the server that you would be testing, I take it, and you replace that with the IP of the server.
ANSWER:
QUESTION 2
When you use the TRUN command and the period etc. to send the initial string to Immunity.
If I was testing someone's server, how do I know what command to use? That's the bit I don't get.
Is it always the TRUN command, or was that an example?
ANSWER:
QUESTION 3
You said that JMP ESP is what you look for, but it could have been the return when it didn't initially populate the EIP.
Could be any command in there then; if you try all the JMP ESP in any of them that say false and none of them work,
do you have to move on to other assembly commands, or should one of them work?
ANSWER:
QUESTION 4
When you ran nasm to get the hex for JMP ESP, I guess you don't need to keep doing that. Once you know the hex you know it,
and that'll be the same on any system you test?
ANSWER:
Most of the rest made sense to me.
Thanks