Written by marcel Saturday, 28 July 2012 06:39

My first BOF exploit

A few months back I embarked on a mission to figure out how exactly a buffer overflow is designed and used to compromise a target computer. In school they did their job and showed us how memory could be overwritten and so on, but they did not go into detail on how exactly to find that specific memory location, nor did they say how to use it once you found it. It was all a mystery, until I found a great tutorial on YouTube. Here is the link:

Writing buffer overflows part 1 https://www.youtube.com/watch?v=pB7d3ZAXkOo&feature=relmfu

There are four parts to the tutorial, and he covers everything from finding the needed memory locations with a debugger, all the way to writing shellcode that opens a VNC session back to the attacker's computer using Metasploit. I would say he did a pretty good job explaining the basics. I will also throw up another great tutorial, which the YouTube author references:

Corelan Team http://www.corelan.be:8800/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/

This is a bit more in depth, and a very good writeup.

So my adventure runs right alongside the YouTube video. I installed VirtualBox on my Arch Linux machine and threw Win XP SP2 on there to make sure this exploit worked. I installed Immunity Debugger and the exploitable program, Mini-stream RM-MP3 Converter. I explain everything I did, and everything I learned, in the video below. The Python code I wrote to find the offset of the registers, which I use in the video, is here: http://hacked2bits.com/software/python-bof-pattern-create/
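As an added illustration (not the script from the link above, and not code from either tutorial), here is a minimal Python version of the approach used in the video: generate a cyclic pattern to feed to the crashing program, then map the 4-byte value the debugger shows in an overwritten register back to its offset in that pattern. It assumes an x86 (little-endian) target and the Metasploit-style Aa0Aa1... pattern scheme; the register value used in the demo is a constructed sample.

```python
import itertools
import struct

UPPER = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
LOWER = "abcdefghijklmnopqrstuvwxyz"
DIGITS = "0123456789"
MAX_UNIQUE = len(UPPER) * len(LOWER) * len(DIGITS) * 3  # 20280 bytes before repeating


def pattern_create(length):
    """Build a non-repeating pattern of `length` bytes made of
    upper/lower/digit triplets: Aa0Aa1Aa2 ... Ab0Ab1 ... (Metasploit style).
    Every 4-byte window is unique, so any register value maps to one offset."""
    if length > MAX_UNIQUE:
        raise ValueError("pattern longer than %d bytes would repeat" % MAX_UNIQUE)
    triplets = (u + l + d for u, l, d in itertools.product(UPPER, LOWER, DIGITS))
    return "".join(triplets)[:length]


def pattern_offset(value, length=5000):
    """Return the offset at which `value` appears in the pattern, or -1.
    `value` is the register contents as the debugger prints them, either an
    int (e.g. 0x37694136) or the 4 ASCII characters ("6Ai7")."""
    if isinstance(value, int):
        # x86 is little-endian: the register holds the 4 pattern bytes reversed,
        # so 0x37694136 is the bytes 36 41 69 37 = "6Ai7" in the pattern.
        needle = struct.pack("<I", value).decode("ascii", errors="replace")
    else:
        needle = value
    pattern = pattern_create(length)
    offset = pattern.find(needle)
    if offset != -1 and pattern.find(needle, offset + 1) != -1:
        raise ValueError("ambiguous: value occurs more than once in pattern")
    return offset


if __name__ == "__main__":
    # Constructed sample: pretend the debugger showed EIP = 0x37694136 after
    # the program crashed on a 5000-byte pattern.
    crash_eip = 0x37694136
    print("EIP offset:", pattern_offset(crash_eip))  # prints 260
```

Everything before that offset in the crashing input is filler; the 4 bytes at the offset are what landed in EIP, which is the number the tutorial then builds on.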

The exploitable program can be downloaded here: http://www.exploit-db.com/exploits/18726/

Immunity Debugger can be downloaded here: http://debugger.immunityinc.com/ID_register.py

Here is my video on the buffer overflow exploit. I should mention that in a few places I comment that some script or program was written in Perl, when I meant to say Ruby.

So that was my first buffer overflow, and I had a great time learning what I did. Definitely more of those to come; it was really fun to study. And I just read about a vulnerability in an old version of iTunes. What better program to exploit than that! And since it's triggered via a podcast, I can write the exploit code straight to my website! Yay! More to come…