20160423

Buffer Overflow - SLMail

Well, of course there is a module that will do the exploit for you, but I have joined the many people who have put together a video on how to do a buffer overflow using SLMail, Immunity Debugger, mona commands, and Kali Linux, and put the video on YouTube. Probably easier if you just watch the video, but the 'in a nutshell' version is:
1) Find a spot we can crash a program.
2) See if someone has already written a Proof of Concept for us.
3) See if it works.
4) Fix the parts that do not work.
5) Profit.

In the video we go from vulnerable service, and proof of concept, to a bind shell and a connection in msfconsole.

Hat tip to Offensive Security, whose Penetration Testing with Kali course was my first exposure to this level of detail in how a buffer overflow works.  The same exercise is presented within that course, along with many others.

