Search

Buffer overflow Beginner To Advance part1

Greeting Everyone! Today we will learn how to exploit buffer overflow using with immunity debugger and mona modules.

Steps I covered in buffer overflow.

  • Spiking
  • Fuzzing
  • Finding the offset
  • Overwriting the EIP (Extended instruction pointer)
  • Finding the bad characters
  • Finding the right module
  • Generate shell code and gain shells

Download vuln-server https://github.com/stephenbradshaw/vulnserver

Download immunity debugger  https://www.immunityinc.com/products/debugger/

Download the mona module https://github.com/corelan/mona

What is buffer overflow?

Buffers are memory storage regions that temporarily hold data while it is being transferred from one location to another. A buffer overflow (or buffer overrun) occurs when the volume of data exceeds the storage capacity of the memory buffer. As a result, the program attempting to write the data to the buffer overwrites adjacent memory locations.

For example, a buffer for log-in credentials may be designed to expect username and password inputs of 8 bytes, so if a transaction involves an input of 10 bytes (that is, 2 bytes more than expected), the program may write the excess data past the buffer boundary.

Buffer overflows can affect all types of software. They typically result from malformed inputs or failure to allocate enough space for the buffer. If the transaction overwrites executable code, it can cause the program to behave unpredictably and generate incorrect results, memory access errors, or crashes.

Buffer overflow Beginner To Advance part1

Setup mona module :-

copy mona.py from download folder then go to C:Program FilesImmunity IncImmunity DebuggerPyCommands and paste mona.py

Now right click on immunity debugger and run as administrator When Immunity loads, click the open file icon, or choose File -> Open. Navigate to the vulnserver folder location and then select vulnserver.exe and click on “open” by default application paused    click on play button to run the vulnserver

Buffer overflow Beginner To Advance part1

1. Spiking –  If the software running with two or more input parameters so we can use a spiking script to check which input parameter is vulnerable to buffer overflow vulnerability. When we connect with nc to vuln-server there is one option present HELP now we see too many options. We will check each an every option with spiking.

Buffer overflow Beginner To Advance part1

Spiking script – now we create a spiking script I know the TRUN parameter is vulnerable but you can try with each and every parameter.

Where choose input parameter:-  in the s_string(“ VALUE ”) put the name of parameter.

Save file with .spk extension

  • s_readline();
  • s_string(“TRUN “);
  • s_string_variable(“0”);

Now the time to run the script

generic_send_tcp <ip of target machine> 1337 spiking.spk 0 0

Buffer overflow Beginner To Advance part1

After some time vulnserver stopped responding

Buffer overflow Beginner To Advance part1

Conclusion :-  In this section we learned  what is buffer overflow attack, download vulnserver, download immunity debugger, how to set up mona module, how to spinking every input parameter for check buffer overflow vulnerability. In the upcoming section I will cover all the process one by one.

Thanks For Reading……. See You In Another Blog!

Stick With Our Blog: Click Here

Author

Shubham Jaiswal

WEB VAPT (Intern)

Table of Contents

Social Media
Facebook
Twitter
WhatsApp
LinkedIn