
Buffer Overflow

A buffer overflow occurs when a payload larger than the allocated buffer is written into it. The excess bytes spill past the buffer and overwrite adjacent memory, including the program's saved control data, which lets an attacker replace the instructions the program executes with malicious ones.

Example

Steps

  1. Spiking - Finding the vulnerable part of the program.

Use the generic_send_tcp binary (part of SPIKE) to spike each command the program accepts.

  2. Fuzzing - Sending growing runs of characters to try to break the program.

The goal is to find at how many bytes the program crashed.

  3. Finding the offset - the exact position within the payload at which the program broke.

To generate a unique, non-repeating payload of the length found in the fuzzing step:

/usr/share/metasploit-framework/tools/exploit/pattern_create.rb -l $NUMBER_OF_BYTES

Send the payload and note the value that lands in EIP.

To find the offset, we look that value up in the pattern:

/usr/share/metasploit-framework/tools/exploit/pattern_offset.rb -l $NUMBER_OF_BYTES -q $EIP_VALUE

  4. Overwriting EIP.

Once we know the offset, we can write 4 bytes (the length of EIP) at that position, and those 4 bytes determine what EIP holds when the program crashes.

  5. Finding bad characters.

  6. Finding the right module.

  7. Generating shellcode for a reverse shell.
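The defect behind the fuzzing and EIP-overwrite steps above, as an added example that is not part of the original page: an unbounded copy into a fixed-size stack buffer, shown beside its bounded form. The 64-byte buffer size and the function names are assumptions for the illustration; the bounded handler refuses input at exactly the byte count where the unbounded one would begin corrupting the stack.

```c
#include <stdbool.h>
#include <string.h>

/* Assumed buffer size for this illustration (not taken from the page). */
#define BUF_SIZE 64

/* Vulnerable pattern: input is copied into a fixed-size stack buffer with no
 * length check, so anything longer than BUF_SIZE bytes runs past buf and over
 * the saved return address that is loaded into EIP when the function returns.
 * Defined only to show the defect; it is never called with oversized input. */
void handle_unbounded(const char *input)
{
    char buf[BUF_SIZE];
    strcpy(buf, input); /* no bound: the overflow happens here */
    (void)buf;
}

/* Hardened form: locate the terminating NUL within BUF_SIZE bytes before
 * copying, and refuse input that does not fit together with that NUL. */
bool handle_bounded(const char *input)
{
    char buf[BUF_SIZE];
    const char *nul = memchr(input, '\0', BUF_SIZE);
    if (nul == NULL) /* no NUL within BUF_SIZE bytes: too long */
        return false;
    memcpy(buf, input, (size_t)(nul - input) + 1); /* copies the NUL too */
    (void)buf;
    return true;
}

/* Build a payload of n 'A' bytes (the fuzzing step sends growing runs of one
 * character) and report whether the hardened handler accepts it. */
bool accepts_fill(size_t n)
{
    char payload[4 * BUF_SIZE];
    if (n >= sizeof payload) return false;
    memset(payload, 'A', n);
    payload[n] = '\0';
    return handle_bounded(payload);
}

/* Smallest payload length the hardened handler refuses; this is the byte
 * count at which the unbounded version would begin corrupting the stack. */
size_t smallest_rejected_length(void)
{
    for (size_t n = 0; n < 4 * BUF_SIZE; n++)
        if (!accepts_fill(n)) return n;
    return 0;
}
```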