Doona (BSWR)

6 minutes
Video Transcription
Hello and welcome to another episode of Breaking Stuff with Robert. Today we're talking about Doona. Now Doona is a very specific tool that's, you know, forked from the Bruteforce Exploit Detector tool, or BED for short. And it focuses on things like buffer overflow attacks or exploitation. It looks at things like format string bugs.

And so it's going to be very specific to a targeted audience. Now, if you're, you know, kind of a hobbyist and you're wanting to use the tool to test maybe an application that you put together or a website that you own, then by all means, the tool is here and is available. But if you're a system security analyst looking to test sites for buffer overflow, the tool would be very good at automating that; an application developer looking to do some automated buffer overflow testing; or maybe a web application pen tester looking to quickly test for buffer overflow and other types of format string bugs and things of that nature within a site.

Now, some prerequisites. It would be good to have a fundamental knowledge of how buffer overflow attacks work, how format string bugs happen and how those things work. But you don't have to, again, have that knowledge to kind of get the gist of the tool and this video. And as always, a fundamental knowledge of Kali Linux command line utilization is beneficial in using this tool and watching this video as well. So with that in mind, let's jump into our demo.
Welcome, everybody. So right out the gate, you may notice that I've already got some things running here, and that's because this particular tool takes a very long time to run. I actually started running the tool Doona at around 9:17 and, as you can tell down here, by the time it's already 9:42. So the tool's been running for close to an hour. It's got, you know, about 20 more minutes or so on, and it's gone through about 15 of the 37 tests.

Now, um, as you can see here, I use dash m to use the HTTP module of this, and then my target was my Metasploitable machine on port 80.

Now what this tool essentially does is it's testing for, like, buffer overflow. Essentially, in a nutshell, again very high level, it's taking information, putting it in an allocated space, trying to overwrite that space and essentially impact the program or the page or the inputs. And so we can get into execution flow and how applications are supposed to gracefully fail and how pages are supposed to accept information. But again, this is just an overview. But to give you an idea of what this tool is doing, I did start a Wireshark packet capture, which is a tool that allows you to capture packets and information.

And so, as you can see here, the IP of my Kali box is 133. My target system is 130. So as this test has been running, I've been doing a pcap, as you can see here, and so source and destination is essentially the source system. The Metasploitable system is replying to the system which is doing the testing. And so, in this case, like where I've got 133, which is the Kali system, sending information, as you can see here, it's just sending a slew of characters and information attempting to test this particular system for buffer overflow vulnerabilities and exploitation. So it's putting a set of characters in the packet over and over again, and it's essentially sending those over and is taking in the response.

Now, I'm not going to run this to the end of the video to get the completed results. But essentially, if buffer overflow is what you need to test for in a particular page or application, let's just pull up some of the help menu here. As you can see, a few of the other modules include FTP; it can do things with IMAP, RTSP, SMTP, etcetera. So you can do testing there with those different modules. You can change the ports that you want to test against. So if you're testing against, uh, you know, FTP on an alternative port aside from 21, or if you're doing something against 443 instead of HTTP, you can change that up there and do some of those things as well.

In the documentation for the tool, it does give you this dash M to use and kind of exit after a minimum number of checks. But I found that that doesn't really give me any additional information, so I was running the tool without the dash M. And as you can see here, it's going to go through the full scope of testing for buffer overflow exploits. And so if you're looking for a way to automate that and really not, you know, use something like a debugger right out the gate, you want to maybe let this tool run and get some coffee and then come back later and see what it's done. You can definitely do so.

And so with that in mind, let's go ahead and jump back into our slides.
Well, I hope you enjoyed that demo of Doona. Again, the test and the actual process of that tool running takes an extremely long amount of time, which is why I wanted to show you via Wireshark how the tool was exchanging information and how it was testing for, in this case, buffer overflow vulnerabilities within the Metasploitable page that we had presented as the target.

Again, you know, you could probably do buffer overflow testing a lot quicker than this tool could run. To be honest with you, even after the demo, I let the tool run for another hour, and it started on an additional series of tests that I did not finish and go through for format string checks and things of that nature. So, um, I have done buffer overflow exploitation before in my OSCP, and I can tell you that I was able to use a debugger and kind of, you know, find a simple buffer overflow exploit that I could take advantage of relatively quickly compared to this tool. But if you want to go get some coffee and run the tool and then come back later and see what the results were, you know, by all means, don't let that scare you away.

So with those things in mind, I want to thank you for your time today, and I look forward to seeing you again soon.
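As an added example (not part of the video or of the Doona project), the following Python scans constructed web server log lines for the kind of input the demo shows Doona sending over HTTP: oversized request paths, long runs of a single repeated character, and strings of format specifiers from the format string checks. It is written from the defender's side, so a run like the one captured in Wireshark can be spotted in access logs; the log format, the IP addresses and the thresholds are assumptions.

```python
import re
from collections import Counter

# Constructed sample access log lines (source IP, request line, status).
# The first two are ordinary traffic; the long "A" run and the %n/%s string
# imitate what a BED/Doona-style HTTP fuzzer pushes at a web server.
SAMPLE_LOG = (
    '10.0.0.5 "GET /index.php HTTP/1.1" 200\n'
    '10.0.0.5 "POST /login HTTP/1.1" 302\n'
    '10.0.0.133 "GET /' + "A" * 5000 + ' HTTP/1.1" 414\n'
    '10.0.0.133 "GET /%n%n%n%n%s%s%s%s HTTP/1.1" 500\n'
)

LOG_RE = re.compile(r'^(?P<src>\S+) "(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3})$')
FMT_RE = re.compile(r'(?:%[0-9]*[nsxp]){3,}')  # three or more format specifiers in a row
LONG_RUN_RE = re.compile(r'(.)\1{199,}')       # one character repeated 200+ times


def classify(path, max_len=2048):
    """Return the reasons a request path looks like overflow/format-string fuzzing."""
    reasons = []
    if len(path) > max_len:
        reasons.append("oversized_path")
    if LONG_RUN_RE.search(path):
        reasons.append("repeated_char_run")
    if FMT_RE.search(path):
        reasons.append("format_specifiers")
    return reasons


def scan(log_text, threshold=2):
    """Parse log lines; return (flagged requests, sources with >= threshold hits)."""
    flagged = []
    per_source = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed format
        reasons = classify(m["path"])
        if reasons:
            flagged.append((m["src"], m["path"][:40], reasons))
            per_source[m["src"]] += 1
    noisy = {src for src, n in per_source.items() if n >= threshold}
    return flagged, noisy


if __name__ == "__main__":
    hits, sources = scan(SAMPLE_LOG)
    for src, path, reasons in hits:
        print(src, path, reasons)
    print("sources worth investigating:", sorted(sources))
```

A single oversized request can be a bug in a client; several different fuzz signatures from one source in a short window is what distinguishes a scan like this.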