How to Practice Buffer Overflows

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
or

Already have an account? Sign In »

Time
21 hours 43 minutes
Difficulty
Intermediate
CEU/CPE
22
Video Transcription
00:00
introduction to buffer overflows.
00:04
How to practice buffer overflows
00:07
are learning objective is to identify resources available to practice buffer overflows.
00:14
So the legendary buffer overflow, this is something that you need to practice and get good at.
00:20
Um Again I can't give away anything about. Oh SCP
00:24
but in the course material they show you and go through a buffer overflow.
00:29
If you're also thinking about doing E C P P T. As a pathway to. Oh SCP
00:34
the buffer overflow is very important as well.
00:38
You'll notice that a lot of people when they write or give interest to buffer overflows,
00:44
they're using older machines. Maybe it's Windows XP A 32 bit system and X 86 execute herbal something that's older. So that's why I do have that Windows XP Vm. I have old school is to practice all my buffer overflows on.
01:00
So what you also need to do on your vulnerable machine is you need to install immunity D bugger, which is what they have in the P W. K. Material and you put that on your vulnerable machine. Again, if you're practicing this or planning to e C P P. T.
01:15
Uh you definitely need to get a VM and install immunity to bugger on it. And you also need to install python the X 86 version
01:26
as well as Mona. And that will help you run different mona modules which you'll see later and why that's important.
01:37
So I just want to give you some resources other than this course, if you want to practise buffer overflows I would say after over everything that I practiced,
01:45
I practiced buffer overflow the most and it was a good strategy um I would say that also doing hands on cts and labs is also important. So don't put everything on the buffer overflow. The buffer overflow is important but it's not the most important thing to do
02:04
so balance your time accordingly.
02:07
One resource is this war ftp version 1.65
02:12
in George's book penetration testing, a hands on approach. You need to have an older VM for this. You need to have Windows XP. It won't work on newer. Os is it won't work on Windows 10.
02:23
Wouldn't work on windows seven for me. So it did work on Windows XP.
02:30
There is also free float FTp server.
02:35
All these things you can download or at least this one you can download exploit dB
02:39
and there's also a medium article walkthrough on it. Look at people's walk throughs and see how they, how they do this. Some people's techniques are better than others. Some people, as you can tell, have more programming skills than other people.
02:54
I don't have a very big development background. So I typically just go off of the demos that they give the P W K methodology, so that's what I use, but uh you'll see what will be using. Um there is a whole right up on it and the guy obviously
03:12
is a developer and his coding is beautiful, for lack of a better word.
03:19
There's also many share 1 4.1 another exploit DB
03:23
um where you can download it, remote buffer overflow. There's an info Sec Institute article walkthrough on this. Don't worry about the bitterly link.
03:32
Um but you should be able to get to this
03:37
walk through and again, it's it's a nice walk through. I encourage you to read through it and again, if you want to do this many share 1.4 point one, um that's where you can find it on exploit dB,
03:49
das stack buffer buffer overflow. Good is what we're gonna be using. There's a whole right up on this. The guy has a whole pdf that's why I chose this one is because this guy is right up is great. He walks you through everything. So
04:03
you know, in essence you have another instructor, you have a pdf that you can look through
04:09
to help you with the buffer overflow. I practice this his way, I practice the, practice the P W K way and you'll see when we walk through it, how I go through it, you find your own strategy,
04:24
but ultimately you're going to need to figure out how to write something like this up
04:29
and logically coherently and understand the process.
04:33
Mhm.
04:35
So in summary, you should now be able to identify the resources available to practice buffer overflows
04:42
and we'll be getting a lot of hands on practice as we continue through this module.
04:48
Yeah.
Up Next
Offensive Penetration Testing

The Offensive Penetration Testing course opens the doors to those wanting to begin a penetration testing career. This course will prepare learners to begin their pentesting career journey by understanding what tools, techniques, and resources are available for someone starting out in offensive penetration testing.

Instructed By