Thread: Writing Buffer Overflow Exploits using BackTrack

  1. #11
    bostonlink (Just burned his ISO)
    Join Date
    Jan 2010
    Location
    Boston MA
    Posts
    17

    Re: Writing Buffer Overflow Exploits using BackTrack

    Very nice tutorials, thanks for the effort and hard work. Your blog is set right in my bookmarks for reference.
    bostonlink - OSCP

  2. #12
    Just burned his ISO
    Join Date
    Feb 2010
    Posts
    5

    Re: Writing Buffer Overflow Exploits using BackTrack

    You say in your tutorials that you need to have remote desktop access for them to be able to work.

    In a real pen testing environment, do you try to get by that part, because as I can see, BackTrack has no implanted program that allows you to attempt to audit remote desktop on a remote machine.

    Replies would be appreciated, thanks.

  3. #13
    lupin (Super Moderator)
    Join Date
    Jan 2010
    Posts
    2,943

    Re: Writing Buffer Overflow Exploits using BackTrack

    Quote Originally Posted by blarch3030
    You say in your tutorials that you need to have remote desktop access for them to be able to work.

    In a real pen testing environment, do you try to get by that part, because as I can see, BackTrack has no implanted program that allows you to attempt to audit remote desktop on a remote machine.

    Replies would be appreciated, thanks.
    No, I didn't say remote desktop access was required to make the exploits work, I said you need it to follow my example method for writing an exploit. There is a world of difference there.

    You need to be able to get access to debugging information to write a buffer overflow exploit, which is why I recommend rdesktop access to a test system while you work through this process. This allows you to use a graphical debugger such as Ollydbg to monitor memory and CPU contents when an exploitable vulnerability is triggered.

    Once the exploit is complete, you don't need remote desktop access to run it.
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  4. #14
    Just burned his ISO
    Join Date
    Jan 2010
    Posts
    6

    Re: Writing Buffer Overflow Exploits using BackTrack

    Many Thanks.

    It is a very valuable set of tutorials, I just read the first one and hopefully I will be reading the rest very soon.

  5. #15
    Junior Member
    Join Date
    Feb 2010
    Location
    on this page
    Posts
    34

    Re: Writing Buffer Overflow Exploits using BackTrack

    @lupin Big thanks, these tutorials have really given me a good understanding of not only how to test and find vulnerable software but also exploiting it and getting that remote shell back. Well done.

    @ColForbin Thanks for the advice on PWB it is in the near future for me

  6. #16
    Just burned his ISO
    Join Date
    Feb 2010
    Posts
    7

    Re: Writing Buffer Overflow Exploits using BackTrack

    Thanks for such a superb set of tutorials, Lupin. These bring back fond memories from about 10 years ago when these vulnerabilities existed in almost every common daemon.

    You mention these were developed on XP SP2 and for the scope of your tutorials you recommend doing the same. However you don't specifically mention if SP3 has the same base address randomizing that Vista and Windows 7 does.

    Do you know if SP3 incorporates this protection? Or are the fixed address locations just different but static on SP3?

    The reason I ask is that I have a number of Win XP boxes, all SP3, so I can't recreate your examples identically, but if it's just a case of finding the new locations of the DLLs in memory then I'll have a go at doing an SP3 version.

    Thanks for your time.

  7. #17
    lupin (Super Moderator)
    Join Date
    Jan 2010
    Posts
    2,943

    Re: Writing Buffer Overflow Exploits using BackTrack

    Quote Originally Posted by oldschool
    Thanks for such a superb set of tutorials, Lupin. These bring back fond memories from about 10 years ago when these vulnerabilities existed in almost every common daemon.

    You mention these were developed on XP SP2 and for the scope of your tutorials you recommend doing the same. However you don't specifically mention if SP3 has the same base address randomizing that Vista and Windows 7 does.

    Do you know if SP3 incorporates this protection? Or are the fixed address locations just different but static on SP3?

    The reason I ask is that I have a number of Win XP boxes, all SP3, so I can't recreate your examples identically, but if it's just a case of finding the new locations of the DLLs in memory then I'll have a go at doing an SP3 version.

    Thanks for your time.
    The base address randomising I referred to is ASLR. It's enabled in Windows Vista and 7 for modules that are specifically linked to be ASLR enabled, but it's not enabled in XP SP3. Any addresses in modules included with Windows are likely to be in a different location for SP3 than they were in my example SP2 system.
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.
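    Lupin's point that ASLR only applies to modules linked for it can be checked in the module itself: the linker records the opt-in as the DYNAMIC_BASE bit of the PE optional header's DllCharacteristics, and a module whose relocations were stripped cannot be moved even with that bit set. The script below is an added example, not code from the thread or the tutorials; it parses constructed stand-in headers (the flag constants are the documented PE values) and lists the modules a hardening audit would flag because their load address never changes.

```python
# Added example (not from the thread): read a PE module's ASLR linkage bits.
import struct

DYNAMIC_BASE = 0x0040     # IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE (ASLR opt-in)
NX_COMPAT = 0x0100        # IMAGE_DLLCHARACTERISTICS_NX_COMPAT (DEP opt-in)
RELOCS_STRIPPED = 0x0001  # IMAGE_FILE_RELOCS_STRIPPED in COFF Characteristics

def pe_mitigations(data: bytes) -> dict:
    """Walk DOS -> COFF -> optional header and report the ASLR-relevant bits."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                   # 20-byte COFF header
    coff_chars = struct.unpack_from("<H", data, coff + 18)[0]
    opt = coff + 20                                       # optional header start
    pe32plus = struct.unpack_from("<H", data, opt)[0] == 0x20B   # 0x10B is PE32
    image_base = (struct.unpack_from("<Q", data, opt + 24)[0] if pe32plus
                  else struct.unpack_from("<I", data, opt + 28)[0])
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]  # offset 70 in both
    dynamic_base = bool(dll_chars & DYNAMIC_BASE)
    relocs_stripped = bool(coff_chars & RELOCS_STRIPPED)  # loader cannot rebase it
    return {"pe32plus": pe32plus, "image_base": image_base, "dynamic_base": dynamic_base,
            "nx_compat": bool(dll_chars & NX_COMPAT), "relocs_stripped": relocs_stripped,
            "randomizable": dynamic_base and not relocs_stripped}

def build_header(magic, image_base, dll_chars, coff_chars=0) -> bytes:
    """Constructed minimal PE header (no sections), just enough to parse."""
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, coff_chars)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<Q" if magic == 0x20B else "<I", opt,
                     24 if magic == 0x20B else 28, image_base)
    struct.pack_into("<H", opt, 70, dll_chars)
    return dos + b"PE\0\0" + coff + bytes(opt)

# Constructed stand-ins: an XP-era module with no opt-in (fixed load address, like
# the tutorial's Shell32.dll), a Vista/7-style opted-in one, and a stripped one.
SAMPLES = {
    "legacy_xp_style.dll": build_header(0x10B, 0x10000000, 0),
    "aslr_linked.dll": build_header(0x10B, 0x10000000, DYNAMIC_BASE | NX_COMPAT),
    "relocs_stripped.dll": build_header(0x10B, 0x10000000, DYNAMIC_BASE, RELOCS_STRIPPED),
}

def fixed_address_modules(samples: dict) -> list:
    """Names a hardening audit would flag: modules whose load address never moves."""
    return sorted(n for n, d in samples.items() if not pe_mitigations(d)["randomizable"])
```

    Pointing `pe_mitigations` at the bytes of a real DLL (`open(path, "rb").read()`) gives the same report for that module.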

  8. #18
    sickness (Administrator)
    Join Date
    Jan 2010
    Location
    Behind the screen.
    Posts
    2,921

    Re: Writing Buffer Overflow Exploits using BackTrack

    These tutorials are awesome!!! Thank you very much lupin, you're a gold mine.

  9. #19
    Just burned his ISO
    Join Date
    Feb 2010
    Posts
    7

    Re: Writing Buffer Overflow Exploits using BackTrack

    Thanks for the response, Lupin.

    Different base address locations I can cope with. In that case I'm going to set myself a little challenge and see if I can modify your 'tutorial one' for XP SP3 users like myself that would like to implement this particular vulnerability and experiment/learn.

    I won't bug anyone for help so if I don't make another post to this thread regarding this subject you'll know I've failed.

  10. #20
    Just burned his ISO
    Join Date
    Feb 2010
    Posts
    7

    Re: Writing Buffer Overflow Exploits using BackTrack

    Well, I succeeded in adapting the minishare exploit to work under XP SP3.

    I won't write a long post about how I did it, I'll just give the essential information which should be all that's required, especially if you were learning the processes involved rather than just treating it as a copy and paste exercise.

    The only 2 differences were:

    1) The location in memory for the first usable memory address for the JMP ESP was different in the XP SP3 Shell32.dll file so that address had to replace the one in the original exploit.
    2) The shellcode that I produced using the msfpayload and msfencode tools was different to what lupin had provided on his examples. Not sure why, maybe the version of the program I have is different. I'm using BackTrack4 Final (the latest distro as of the date of this post).

    Please feel free to contact me if you would like to discuss this further or ask any questions.

    Thanks.
