
Author Topic: Stack Overflow and Exploit Dev  (Read 1492 times)

Offline ch3rn0byl

  • Top Hat Member
  • Experienced
  • ********
  • Posts: 191
  • Internets: +1338/-0
  • Grumpy Old Man with Mounds of Salt
Stack Overflow and Exploit Dev
« on: January 10, 2016, 06:05:15 AM »
http://www.mediafire.com/watch/dgdfsvf9k555aud10x/finallydone.mp4
Just make sure to switch to 1080/720 so you can see it clearly, and full screen will be even better

PCMan FTP Server: https://www.exploit-db.com/apps/9fceb6fefd0f3ca1a8c36e97b6cc925d-PCMan.7z
Immunity Debugger: https://github.com/kbandla/ImmunityDebugger (latest is 1.85)
Mona Script: https://github.com/corelan/mona/blob/master/mona.py

Bad Character List:
"\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13"
"\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26"
"\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39"
"\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c"
"\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f"
"\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72"
"\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85"
"\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98"
"\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab"
"\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe"
"\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1"
"\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4"
"\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7"
"\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff"

Here's a video tutorial on the process of developing an exploit for a stack overflow. I did find that you can crash the service without the need of logging in and exploiting the app with ftp commands after fuzzing, which led to this video :)
This is my first video ever, so if you have any tips/complaints/suggestions...I would actually love to have them
« Last Edit: March 28, 2016, 02:36:50 AM by ch3rn0byl »
Will personally drive the fucking hour to rip the computer out of your hands

Offline H4v0K

  • Administrator
  • Elite
  • *****
  • Posts: 1020
  • Internets: +986/-1
Re: Stack Overflow and Exploit Dev
« Reply #1 on: January 10, 2016, 06:39:28 AM »
Very nice.  That pug makes me laugh every time lol ..  +1  keep them coming ..


Offline GalaxyNinja

  • Global Moderator
  • Elite
  • *****
  • Posts: 1732
  • Internets: +96/-0
  • My password is **********
Re: Stack Overflow and Exploit Dev
« Reply #2 on: January 10, 2016, 05:57:09 PM »
Haha, the pug was distracting, but totally Ch3rn!
Loved the shoutout to the forum, H4v0k & c0ldg0ld  :)
A computer is only as strong as its user! -R4v3n

Offline Ov3rd0s3

  • *SQL INJECTION CERTIFIED*
  • Enthusiast
  • *****
  • Posts: 73
  • Internets: +17/-1
  • I walk in the light but reside in the shadows
Re: Stack Overflow and Exploit Dev
« Reply #3 on: January 10, 2016, 06:20:43 PM »
10/10

Instructions clear got foot all the way through hole.

Awesome tut bro! Also when dealing with the address to do for the jmp make sure it doesn't have the bad characters. (Can't remember if that was covered) Super tut

plz drop tut on heap sprays!!!!!!!! PLZ LORD CH3rn!!!!   

« Last Edit: January 10, 2016, 06:23:58 PM by Ov3rd0s3 »
Lost In Space from the split OD on acid.
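Added example, not code from ch3rn0byl's post, from mona, or from the PCMan FTP project: what the "Bad Character List" in the first post is for, and the check Ov3rd0s3 raises above. The probe is the same 0x01-0xff byte range as the post; it is compared against what a debugger shows in memory, and whichever byte first fails to survive is dropped before the next round. The `simulated_copy` function is a constructed stand-in for "send the buffer and dump memory" (it truncates at 0x0a and strips 0x0d) so the whole thing runs offline, and the two addresses at the bottom are made-up values, not addresses from any real binary. All function names are this example's own.

```python
# Added example: bad-character analysis for the list posted above.
# Not code from the original post, from mona, or from the PCMan FTP project.
# The vulnerable copy is simulated in-process with constructed behaviour
# (0x0a truncates, 0x0d is stripped); nothing here talks to a service.
import struct


def bad_char_list(exclude=frozenset({0x00})):
    """Build the probe: every byte value 0x00-0xff minus the ones already
    known to be bad. The thread's list starts at 0x01, so 0x00 is excluded
    by default."""
    return bytes(b for b in range(256) if b not in exclude)


def as_escaped(data):
    """Render bytes in the "\\x01\\x02..." form used in the post."""
    return "".join("\\x%02x" % b for b in data)


def first_bad_char(sent, observed):
    """Compare what was sent with what a debugger shows in memory and return
    the first byte that did not survive, or None if every byte matched.

    A byte can fail by being stripped, replaced, or by truncating the copy;
    in all three cases the mismatch shows up at its position, which is why
    the workflow is iterative: drop that byte, resend, compare again."""
    for i, b in enumerate(sent):
        if i >= len(observed) or observed[i] != b:
            return b
    return None


def find_bad_chars(target_copy, exclude=frozenset({0x00})):
    """Repeat probe/compare until the probe survives intact and return the
    sorted list of bad bytes. `target_copy` stands in for 'send the buffer
    and dump the memory'; it is injected so the logic can run offline."""
    bad = set(exclude)
    while True:
        probe = bad_char_list(bad)
        b = first_bad_char(probe, target_copy(probe))
        if b is None:
            return sorted(bad)
        bad.add(b)


def address_is_clean(addr, bad):
    """Ov3rd0s3's check: the 32-bit little-endian encoding of a jmp/return
    address passes through the same copy as the payload, so none of its
    four bytes may be a bad character."""
    return not (set(struct.pack("<I", addr)) & set(bad))


def simulated_copy(data):
    """Constructed stand-in for a vulnerable string copy: stops at a line
    feed and drops carriage returns, as a line-oriented text parser might."""
    out = bytearray()
    for b in data:
        if b == 0x0a:
            break
        if b != 0x0d:
            out.append(b)
    return bytes(out)


if __name__ == "__main__":
    bad = find_bad_chars(simulated_copy)
    print("bad chars:", as_escaped(bad))            # \x00\x0a\x0d
    for addr in (0x12345678, 0x12340A78):           # constructed addresses
        print("0x%08x clean: %s" % (addr, address_is_clean(addr, bad)))
```

Against the simulated copy the loop needs three rounds: 0x00 is excluded up front, 0x0a is found first because everything after it vanishes, and only once it is removed does the stripped 0x0d show up as a mismatch. That is why one comparison is rarely enough and why the list is rebuilt each time.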

Sm3gal

  • Guest
Re: Stack Overflow and Exploit Dev
« Reply #4 on: January 10, 2016, 11:03:29 PM »
http://www.mediafire.com/watch/dgvf9k555aud10x/finallydone.mp4
Just make sure to switch to 1080/720 so you can see it clearly, and full screen will be even better

PCMan FTP Server: https://www.exploit-db.com/apps/9fceb6fefd0f3ca1a8c36e97b6cc925d-PCMan.7z
Immunity Debugger: https://github.com/kbandla/ImmunityDebugger (latest is 1.85)
Mona Script: https://github.com/corelan/mona/blob/master/mona.py

Bad Character List:
"\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13"
"\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26"
"\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39"
"\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c"
"\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f"
"\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72"
"\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85"
"\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98"
"\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab"
"\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe"
"\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1"
"\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4"
"\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7"
"\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff"

Here's a video tutorial on the process of developing an exploit for a stack overflow. I did find that you can crash the service without the need of logging in and exploiting the app with ftp commands after fuzzing, which led to this video :)
This is my first video ever, so if you have any tips/complaints/suggestions...I would actually love to have them


Lmao I think I should Dban that Acer laptop :P

Offline RedCor

  • Top Hat Member
  • Prospect
  • ********
  • Posts: 31
  • Internets: +5/-0
Re: Stack Overflow and Exploit Dev
« Reply #5 on: March 24, 2016, 03:03:18 AM »
Very good
I'll do the tutorial  :D

Offline r3k0hu

  • Top Hat Member
  • Professional
  • ********
  • Posts: 487
  • Internets: +48/-0
Re: Stack Overflow and Exploit Dev
« Reply #6 on: March 25, 2016, 06:09:46 AM »
Thanks ch3rn - this is perfect timing... just getting my head around overflows for the PWK so every bit helps

+1 for your first video.. well presented and put together.. look forward to more :)
r3k0hu
-43.9515-176.561

Offline H4v0K

  • Administrator
  • Elite
  • *****
  • Posts: 1020
  • Internets: +986/-1
Re: Stack Overflow and Exploit Dev
« Reply #7 on: March 25, 2016, 07:07:53 AM »
Thanks ch3rn - this is perfect timing... just getting my head around overflows for the PWK so every bit helps

+1 for your first video.. well presented and put together.. look forward to more :)

Check out his other tut on porting exploits , it will be helpful for the course also .

http://forum.top-hat-sec.com/index.php?topic=5407.0#msg44398

Offline r3k0hu

  • Top Hat Member
  • Professional
  • ********
  • Posts: 487
  • Internets: +48/-0
Re: Stack Overflow and Exploit Dev
« Reply #8 on: March 25, 2016, 01:11:44 PM »
Thanks H4v0K - much appreciated.. going to look now.

I feel like I'm going in circles currently and need some focus.. want to jump in and start exploiting some of those lab machines, but the other part of my conscience is telling me to work through the study/videos first.. then do the meaty stuff.

This is good though. Thanks man

r3k0hu
-43.9515-176.561

Offline H4v0K

  • Administrator
  • Elite
  • *****
  • Posts: 1020
  • Internets: +986/-1
Re: Stack Overflow and Exploit Dev
« Reply #9 on: March 25, 2016, 01:48:11 PM »
want to jump in and start exploiting some of those lab machines, but the other part of my conscience is telling me to work through the study/videos first.. then do the meaty stuff.

That's where I went wrong, I just jumped into the labs for the fun stuff and slacked off on the material. Next thing I knew my time was up and I really didn't get as much as I thought. So I would say study the material first and make sure you learn it with practice in the labs :)