Buffer Overflow Prep
Tasks:
- Deploy VM:
- Run xfreerdp /u:admin /p:password /cert:ignore /v:10.10.41.141 /workarea to RDP into the machine.
- Transfer all binaries in vulnerable-apps to your local Windows VM to make the exploits easier to run.
- oscp.exe - OVERFLOW1:
- Open oscp.exe in Immunity Debugger and run it. It should start listening on port 1337.
- Connect with ncat 127.0.0.1 1337 from your local Windows VM, then type HELP. There are 10 different overflow commands, such as OVERFLOW1 [value].
- Run fuzzer.py and note the number of bytes required to crash the application: 2000
- Run exploit.py after replacing the payload with a cyclic string generated using an online tool or Metasploit's pattern_create.rb. Then run !mona findmsp -distance 2000 to find the offset at which the pattern reaches EIP, and submit the answer: 1978
- Again replace the payload with the bad characters from bad_char.py and run exploit.py.
- Look for missing bad characters, if any, by following the ESP stack dump. If any byte is missing or out of order, remove it from the payload and repeat until all the bytes appear in the same order as they were sent.
Bad chars - \x00\x07\x2e\xa0
- Alternatively, run !mona bytearray -b "\x00", send the bad characters, and then run !mona compare -f "bytearray.bin" -a 0124FA18, where -a takes the ESP address as its argument. This reports \x07\x08\x2e\x2f\xa0\xa1 as bad chars. Not all of them are actually bad: try removing only \x07\x2e\xa0, send the payload, and repeat the !mona compare step. Notice there are no more bad chars. Bad chars - \x00\x07\x2e\xa0. Submit the bad chars obtained to complete this task.
- oscp.exe - OVERFLOW2:
- oscp.exe - OVERFLOW3:
- oscp.exe - OVERFLOW4:
- oscp.exe - OVERFLOW5:
- oscp.exe - OVERFLOW6:
- oscp.exe - OVERFLOW7:
- oscp.exe - OVERFLOW8:
- oscp.exe - OVERFLOW9:
- oscp.exe - OVERFLOW10:
- Same as task 2 (OVERFLOW1): just replace OVERFLOW1 with OVERFLOW{n} in fuzzer.py and exploit.py.
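As an added illustration of the two analysis steps used in the OVERFLOW1 task (mapping the EIP value back to an offset with a cyclic pattern, and separating real bad characters from the collateral bytes that !mona compare lists next to them), here is example code that is not part of the room or its scripts. simulated_target is a constructed stand-in for the target's input handling, not oscp.exe; its 0x07/0x2e/0xa0 values mirror the bad chars recorded above.

```python
import string

def pattern_create(length):
    """Metasploit-style cyclic pattern (as pattern_create.rb): Aa0Aa1...Zz9.
    Every 4-byte window is unique, which is what maps an EIP value to an offset."""
    out = bytearray()
    for u in string.ascii_uppercase:
        for lo in string.ascii_lowercase:
            for d in string.digits:
                out += (u + lo + d).encode()
                if len(out) >= length:
                    return bytes(out[:length])
    return bytes(out[:length])

def pattern_offset(pattern, eip):
    """EIP is displayed as a 32-bit little-endian value; unpack it back into the
    4 bytes that landed in EIP and locate them in the pattern (-1 if absent)."""
    return pattern.find(eip.to_bytes(4, "little"))

def badchar_candidates(sent, received):
    """Compare the sent bytes with the ESP stack dump position by position and
    return the sent values at every mismatch (same idea as !mona compare)."""
    return sorted({s for s, r in zip(sent, received) if s != r})

def simulated_target(payload, truly_bad=(0x07, 0x2e, 0xa0)):
    """Constructed stand-in for the target's input handling, NOT oscp.exe: a bad
    byte is corrupted together with the byte that follows it, which is why the
    first comparison flags pairs like \\x07\\x08 instead of single bytes."""
    out = bytearray(payload)
    for i, b in enumerate(payload):
        if b in truly_bad:
            out[i] = 0x00
            if i + 1 < len(out):
                out[i + 1] = 0x00
    return bytes(out)

def confirm_badchars(send):
    """Apply the heuristic from the notes: flag candidates, drop only the first
    byte of each consecutive run, re-send, and loop until nothing mismatches.
    A second truly bad byte hiding behind the first shows up in the next round."""
    sent = bytes(range(1, 256))  # \x00 is excluded up front as a known bad char
    confirmed = []
    while True:
        candidates = badchar_candidates(sent, send(sent))
        if not candidates:
            return confirmed
        firsts = [c for c in candidates if c - 1 not in candidates]
        confirmed += firsts
        sent = bytes(b for b in sent if b not in firsts)
```

With a 2000-byte pattern, the 4 bytes at offset 1978 map back to exactly that offset, and the first comparison against the simulated target reports the same six-byte list as the notes before the loop narrows it to three.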