Finding Bad Characters

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
or

Already have an account? Sign In »

Time
21 hours 43 minutes
Difficulty
Intermediate
CEU/CPE
22
Video Transcription
00:01
finding bad characters
00:03
are learning objective is to understand how to find bad characters.
00:08
I did a lot of buffer overflow practice and I can tell you that the biggest mistake I made
00:14
was just skipping over this part.
00:17
Do not skip over this part. You'll thank me later. Finding bad characters is very important and I'll show you how
00:30
so now that we've figured out how to control the iP, I've written another program with bad characters. The thing is we don't know which characters will cause the program
00:39
to act in a certain way that we're not aware of. We typically skip
00:45
00 because that's the null byte which will terminate the remainder of the remainder of the shell code. So it's always a bad character. So I start with one, you'll notice I go all the way to ff here
00:58
and I'm using this to try to figure out if there is some character that if we put it in our shell code will cause the shell code do not work and crash the program and therefore us not get a shell.
01:11
So I will send this. You'll notice you know I have my offset of 146, I have my bees and now I'm adding all these bad characters to figure out which ones are bad.
01:23
So let's send this
01:26
and let's go back.
01:30
Let's see what we have. So obviously the program has crashed.
01:36
Mhm.
01:40
So I'll go to E. S. P.
01:45
Mm.
01:49
Following dump
01:51
And you can see here 123456789 21 21 21 21.
02:00
So we have an issue here. If we look
02:05
back at our script
02:14
it should be a B C D E F. And so on.
02:20
Yeah.
02:20
So let's take out the A.
02:24
Save. It
02:28
should probably go back
02:30
and here and restart the program.
02:42
And the hope is that we see every character
02:45
without it causing it to not appear in memory.
02:53
So let's send this again.
02:59
Yeah
03:08
so now we can I mean this is a manual review. There are ways you can do with Mona. I suggest you research that
03:15
but I do it the hard way. 123456789 B. C. D E. F.
03:23
And like we saw it goes all the way to ff
03:29
and it doesn't look like anything's missing or has caused to crash. I also have read the guide
03:35
and he tells me that the only bad characters are 00 and a zero.
03:40
So now I know what my bad characters are. Do not skip this. Do not skip this and make sure you carefully check
03:51
which characters are the bad characters. Because when you get to your shell code and you specify your bad characters and you miss one, it will cause your shell code not to work in the program to crash and you'll be wondering why. So
04:05
that's how to find bad characters.
04:11
So in summary, we should now understand how to find bad characters.
Up Next
Offensive Penetration Testing

The Offensive Penetration Testing course opens the doors to those wanting to begin a penetration testing career. This course will prepare learners to begin their pentesting career journey by understanding what tools, techniques, and resources are available for someone starting out in offensive penetration testing.

Instructed By