Part 5 WebGoat BO OffByOne Lab
Video Activity
In this lab-based lesson, participants receive step-by-step instructions for using the WebGoat Off-by-One lesson to create a buffer overflow. By overpopulating text boxes with too much information, a buffer overflow situation is created through use of a buffer text file.

Video Transcription
00:04
Hello and welcome to the Cybrary Secure Coding course. My name is Sunny Wear, and this is the Buffer Overflows lab.
00:13
We will be using WebGoat Off-by-One.
00:17
This is the demo for buffer overflows, off-by-one overflows. So we're using WebGoat. You can get to this lesson from the Buffer Overflows menu.
00:29
It states the following: "Welcome to the OWASP Hotel. Can you find out which room a VIP guest is staying in? In order to access the Internet, you need to provide us the following information."
00:43
So there's two steps to this,
00:46
and the first one is really just capturing hidden fields that might be in this form.
00:54
If you open up Burp Suite, you can see that there's an option under the Proxy tab, Options,
01:03
where you can unhide hidden form fields.
01:07
And so you'll wanna have that check box checked. It should be unchecked by default. So you want to go ahead and check that
01:17
You really don't have to do that. You could always view the source, but it makes it a little bit easier.
01:25
So then we'll go ahead and turn our interceptor on.
01:30
We'll fill out something on the first few fields. We don't know
01:34
the room number. That's really what we're trying to find out.
01:41
So here you can see the
01:42
form values,
01:45
and what we're gonna do is
01:49
we're actually going to create a buffer overflow situation. Now, how we're going to do that is we need to fill or overpopulate the text box with too much information,
02:04
and
02:05
the way to determine how much information would probably be in the increments of 1024, 2048,
02:14
4096. And so what I've done is I've created a buffer text file
02:21
and I've placed in there
02:23
4098 characters. Now you might be thinking,
02:29
"Well, why do you have 4098? Why don't you just have 4097?" In Linux here, it's actually counting a null
02:39
at the end of this whole string.
02:43
And so I'm just adding an extra character.
02:47
So I've got 4098 characters. Of course, you can see they're all on one line, so you could create your buffer like this,
02:59
and
03:00
what we're going to do is, inside of Burp,
03:04
for the room number.
03:06
we're going to set that value.
03:10
We're gonna paste from that file, that buffer.
03:14
Going to set the value of room number
03:16
to our overflowed buffer.
03:21
You're gonna go ahead and forward that
03:23
now.
03:25
It's not revealing to us the information that we need to exploit yet because
03:32
what the programmer did is, this is actually in two phases. We're gonna go ahead and accept the terms,
03:43
okay? And so you can see that this form carried the value that I had set for the buffer overflow.
03:51
Right? And it's tying it to the room number. Which makes sense, right? You're tying the price plan with the particular room that's going to pay that. So we're gonna forward this.
04:04
And so what happens is it actually reveals
04:10
information here. You can see that any of these names and given their room numbers will actually
04:18
solve for the lesson. What it's showing you is these are the names of people that have already paid
04:27
and their room numbers. And so you could use any of these to basically get free Internet.
04:34
So let's go ahead and take
04:38
Lewis Hamilton.
04:41
So it says to complete the lesson, restart
04:44
the lesson and enter the first and last name and its room, 991. Restarted.
04:51
Turn off Burp.
05:09
And
05:12
you can see that now it is completed.