
OSCP Prep - x86 Windows Stack-Based Buffer Overflow Full Tutorial - War-FTP 1.65

Alh4zr3d


Published 1 year ago

Twitch: https://twitch.tv/alh4zr3d
Twitter: https://twitter.com/alh4zr3d
Discord: https://discord.gg/3kTQYxtGwR

All of the strange aeons of stack-based buffer overflow fundamentals entirely de-obfuscated! This video contains every shred of information required to get you through a rudimentary x86 buffer overflow in Windows, such as that encountered on the Offensive Security Certified Professional (OSCP) exam, plus a little extra!

Chapters:
0:00 Introduction
7:50 Intro to Exploit Development/CPU Architecture
23:05 x86 Assembly Primer
36:43 Win32 Process Memory
53:26 The Stack and smashing it
1:04:15 Beginning of practical demo
1:06:35 Running WarFTP and attaching the debugger
1:10:10 Vulnerability discovery
1:26:20 Building a simple python fuzzer/analyzing vuln
1:44:00 Determining offset of return address overwrite
1:56:23 Determining bad characters
2:21:35 Finding a suitable "JMP ESP" address for the overwrite
2:36:32 Generating reverse shell shellcode with msfvenom
2:45:04 Shellcode crashes; explaining keeping ESP and EIP separate for FNSTENV
2:59:50 Rev shell from return address overwrite/showing shellcode execution in debugger
3:05:58 We aren't done! Analyzing another vuln in the same program
3:11:20 Intro to the Structured Exception Handler
3:18:50 Analyzing SEH overwrite and determining offset
3:29:10 Explaining POP-POP-RET and finding a suitable address
3:40:50 Executing a short JMP to get to our larger buffer
3:47:45 Generating shellcode, watching the payload execute in memory, gaining rev shell

In this video, I exploit a piece of real-world software with a known stack-based buffer overflow vulnerability: WarFTP 1.65. See the Exploit-DB page here: https://www.exploit-db.com/exploits/3570. Both a return address overwrite and an SEH overwrite are exploited! The entire process of exploit development is explained in detail, starting with vulnerability discovery and fuzzing and ending with TWO fully functional exploits in Python.
Note that this is cut from a VOD of my Twitch stream, so at times I seem to be randomly out of breath because Twitch chat makes me do exercises while hacking.