BOF

Buffer Overflows

1. BOF tips

• Practice using mona.py
• Download vulnerable exe from Exploit DB.
• https://github.com/justinsteven/dostackbufferoverflowgood
• https://esseum.com/win-32-buffer-overflow-walkthrough-exploiting-slmail-5-5/
• It's easy 25 points !!! :D

2. Reference

https://www.vortex.id.au/2017/05/pwkoscp-stack-buffer-overflow-practice/

• dostackbufferoverflowgood : This is good for understanding how BoF works. https://github.com/justinsteven/dostackbufferoverflowgood
• SLmail v5.5 : Covered in OSCP guide(exercise) , try build your own exploit-code for BoF on different environments like Windows XP or Windows7 SP3, etc. https://www.exploit-db.com/exploits/638
• FreeFloatFTP Server 1.0 : https://www.exploit-db.com/exploits/17546
• VulnSever.exe : Covered in OSCP Lab, try build your own exploit-code for BoF on different environment
• Minishare 1.4.1 : Covered in OSCP Lab, i built my own BoF exploit on Windows XP SP3 English and Windows 7 SP1. https://www.exploit-db.com/exploits/616
• Savant 3.1 : https://www.exploit-db.com/exploits/18401
• WarFTPd 1.6.5: https://www.exploit-db.com/exploits/3570
• PCMAN FTP 2.0.7: https://www.exploit-db.com/exploits/26471

3. List link

• https://www.exploit-db.com/exploits/40673/

• http://camelinc.info/blog/2014/05/Aviosoft-Digital-TV-Player-Professional-1.0-Stack-Buffer-Overflow/

• http://pusheax.com/exploit-writing-stack-based-buffer-overflow/

• http://tekwizz123.blogspot.in/2014/02/bypassing-aslr-and-dep-on-windows-7.html?m=1

• http://www.arti-sec.com/article/buffer-overflow-slmail-5504433-full-development

• http://blog.gojhonny.com/2013/10/buffer-overflow-smashing-stack-tutorial.html

• https://github.com/AnasFullStack/Penetration-Testing/blob/master/pwk/Win32_Buffer_Overflow_Exploitation.md

• https://royleekiat.com/2016/01/15/buffer-overflow-attack-on-pcman-ftp-server-2-07-using-the-metasploit-framework-and-corelan-teams-mona-script/ *using msf

• http://www.primalsecurity.net/0x3-python-tutorial-fuzzer/

• http://0xdeadcode.se/archives/178 <-- minishare

• https://bogner.sh/2016/04/the-hard-life-of-exploit-developers/

• http://ch3rn0byl.com/intro-to-buffer-overflows/

• http://netsec.ws/?p=180

• https://t0w3ntum.wordpress.com/2016/07/22/buffer-overflows-and-you/ <--good scripts

• http://n01g3l.tumblr.com/post/49036035399/linux-crossfire-v190-buffer-overflow

• http://sh3llc0d3r.com/vulnserver-trun-command-buffer-overflow-exploit/

• http://n01g3l.tumblr.com/post/49036035399/linux-crossfire-v190-buffer-overflow

• http://www.primalsecurity.net/0x0-exploit-tutorial-buffer-overflow-vanilla-eip-overwrite-2/

• http://www.securitysift.com/windows-exploit-development-part-2-intro-stack-overflow/

• https://samsclass.info/127/proj/vuln-server.htm

• http://www.fuzzysecurity.com/tutorials/expDev/2.html FreeFloat FTP

• https://www.phillips321.co.uk/2012/08/02/writing-my-first-exploit-freefloat-ftp/

• https://www.mattandreko.com/2013/04/06/buffer-overflow-in-hexchat-294/

• http://proactivedefender.blogspot.in/2013/05/understanding-buffer-overflows.html?m=1

• https://rootisthelimit.com/first-buffer-overflow/ <-- Ability 2.34

• http://rgolebiowski.blogspot.in/2016/02/brain-pain.html