Setting up the Environment

Time
21 hours 43 minutes
Difficulty
Intermediate
CEU/CPE
22
Video Transcription
00:00
Setting up the environment.
00:02
Our learning objective is to understand how to set up the environment to practice the buffer overflow.
00:10
So, first things first, I want to give credit to Justin Steven here
00:14
for making this vulnerable program
00:17
and also creating the tutorial to go through. It explains why the program is vulnerable. There's a lot of detail about it, and I suggest or recommend that you read through it, so you understand why we're able to, uh, take advantage of this buffer overflow attack for the do stack
00:36
buffer overflow good executable.
00:39
And here's the PDF. You'll notice that he added Python 3 to this. Why did he do that? Because
00:44
recently, I think last year, we switched over to Python 3 from Python 2. So if you go to the command prompt, then you type in Python version.
00:55
If I just type in Python, it's going to use Python 3.9.1.
01:00
The way he wrote it first was using Python 2. And how we know that is the test script that he used.
01:10
We can see it's using Python 2. Well, how do I do that?
01:14
How I do that is I do period forward slash in this directory
01:19
and then I
01:21
execute this. And that will use Python 2 instead of Python 3.
01:26
So what I'm gonna do
01:29
is do a remote desktop over to our vulnerable Windows machine.
01:33
This is a Windows machine that I downloaded from the Microsoft Developer site. Uh, these are free to use for 30 days, a 30-day trial.
01:41
Um, but here I have my user, my host, username, password, and full screen. Full screen makes things a lot easier for you.
01:49
But then you might go, oh no, how do I get out of here?
01:51
Well, you do Control, Alt, Enter, or for Mac, Control, Option, Enter. I'll try that now
01:59
and you can see it takes us out of full screen mode but I want to stay in full screen mode to show you this
02:06
So you'll notice we have Immunity Debugger here. We have our do stack buffer overflow good here.
02:13
And what I'll be doing a lot
02:15
is I'll be attaching or opening this program. You can do it two ways.
02:21
You can open up Immunity Debugger,
02:23
you can do file open
02:29
and here's the executable.
02:30
You'll notice it pops up here but it's going to pause
02:37
so you need to hit this
02:38
play button here maybe more than once to make sure the program is running.
02:45
So you can either do it that way
02:47
or
02:49
close out of here. I'll launch the program,
02:53
then I'll launch Immunity Debugger,
02:57
file attach,
03:00
find it here, attach.
03:07
Yeah.
03:08
And again it will pause it and I'll need to hit play to make sure that it's running
03:15
Now, what I want to do,
03:21
as you'll see, coming out of full screen mode, it's really hard to see now
03:25
but I will
03:28
minimize this
03:30
and I want to launch this here. Let me let me make it nicer for you.
03:37
This is the test script he has in his PDF, so he really does a great job using comments, setting the IP. So of course we have to set that to the IP of our victim host. The port is gonna be the same. Elite.
03:49
We're creating this TCP connection here. We're building a little message where a buffer will go right now just as buffer script
03:57
we send it
04:00
it prints out what we sent,
04:01
receive some data and then it prints out what we receive.
04:05
So we should be able to execute this
04:11
and see what happens.
04:14
So it says sent: python script, received: Hello, python script. It's very friendly.
04:20
Mhm.
04:23
If we go back to full screen mode here,
04:27
you'll notice if we go back to our program, we see that connection that came through and how many bytes were received and how many bytes were sent.
04:36
The next step is to fuzz the program and see if it crashes
04:42
by sending a long string of A's. So stay tuned for our fuzzing next.
04:50
So in summary, we should now understand how to set up the environment to practice the buffer overflow.