Advanced Penetration Testing Notes

Verifying offsets

Offset was off by 4 bytes due to how the compiler does its thing; different compilers may have different offsets, btw. Once you know the buffer size, then you want to try with that size of buffer, and even with a larger buffer, to verify that it works.

By: sirrush | Related Lesson: Exploit Development (part 9) Verifying Offsets | Modified: August 6, 2017

Cyclic

Cyclic: figuring out which characters are overwriting EIP. Create a pattern; for example, a loop would work well for this! python print("A", buff++). Check if a targeted program has a rebase where it can move around; false is a good result. a

By: sirrush | Related Lesson: Exploit Development (part 8) Creating a Cyclic Pattern | Modified: August 6, 2017

Network based

Network based exploit (remote): XAMPP using FTP/warftpd. Hook up the program to a debugger (Immunity Debugger or WinDBG); it pauses when the debugger attaches, so you must keep running the service or program in question. Correct syntax for the service being connected to ca

By: sirrush | Related Lesson: Exploit Development (part 7) Network Based Exploits and Debuggers | Modified: August 6, 2017

Network based

Network based exploit (remote)

By: sirrush | Related Lesson: Exploit Development (part 7) Network Based Exploits and Debuggers | Modified: August 6, 2017

execution

Exploiting by executing unintended source code. The "A" is padding so you can access the address: $(python -c 'print "A"*9 + "\x08\x04\x83\xf4"') ^^ forces a specific memory address to be overwritten en

By: sirrush | Related Lesson: Exploit Development (part 6) Executing Unintended Code | Modified: August 6, 2017

Python

Exploit dev in Python in gdb: $(python -c 'print "A" * 9 + "B" * 4') will be AAAAAAAABBBB because the count starts at 0. Use disassemble functionName to see how the memory stack is being push'ed and pop'ed for

By: sirrush | Related Lesson: Exploit Development (part 5) Python | Modified: August 6, 2017

aa

aa

By: natxoru | Related Lesson: Linux (part 5) IP Addressing and netcat | Modified: August 6, 2017

Compilers

GCC and other compilers come with Linux; you can set up flags and debugging options. Remember: on exceptions it will not compile; on warnings it will still compile. gdb is a debugger; breakpoints pause the program so the dev can see what the program is doing.

By: sirrush | Related Lesson: Exploit Development (part 4) GNU Compilers | Modified: August 6, 2017

stack frame

Having an exploit skeleton helps with rapid development. strcpy doesn't check if it has the proper amount of memory allocated on the stack, so it will overwrite other parts of memory.

By: sirrush | Related Lesson: Exploit Development (part 3) Stack Frame for Function | Modified: August 6, 2017

Exploit Dev2

Exploit dev 2: EIP - Extended Instruction Pointer; ESP - stack pointer; EBP - base pointer; ESI - source index; EDI - destination index; EAX - accumulator; EBX - base; ECX - counter; EDX - data. Last in, first out regarding data; grows from high to low, seems ups

By: sirrush | Related Lesson: Exploit Development (part 2) A Program in Memory | Modified: August 6, 2017

