2. WhoAmI
Working with Payatu Technologies as Security Consultant.
Trainer and Freelancer
Webpentesting, VAPT and Android App Pentesting
3. Agenda
• What we will cover: Fuzzing, Buffer Overflow (EIP Overwrite), Shellcode Execution, Ownage
• What we will do: an EIP overwrite, which will allow us to gain control of
program execution and redirect it to our shellcode
• How we will do it: by exploiting a stack-based buffer overflow in the
Windows application MiniShare 1.4.1.
4. Fuzzing
• Fuzzing is a process of sending deliberately malformed data to a
program in order to generate failures or errors in the application.
• When performed by those in the software exploitation community,
fuzzing usually focuses on discovering bugs that can be exploited to
allow an attacker to run their own code, and it is used alongside binary
and source code analysis.
• Fuzzing is one of the primary ways in which exploitable software bugs
are discovered.
5. BufferOverflow
• A buffer overflow is a condition where a program attempts to put
more data in a buffer than it can hold, or attempts to put data in a
memory area past the end of a buffer.
• The general idea is that there is an application that accepts input from a
user without any bounds checking. This allows us to overwrite the
memory space “buffer” and hopefully overwrite the EIP register,
which will allow us to redirect program execution to our shellcode.
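The two slides above (fuzzing, and the missing bounds check that makes a stack buffer overflow possible) can be shown together in one small C program. This is an added example and not code from the talk or from MiniShare: the request handler, the buffer size REQ_BUF_SIZE and the input lengths are constructed for illustration. It shows the unsafe copy pattern, the bounds check that a hardened handler adds, and an offline harness that feeds inputs of increasing length (the same kind of malformed data a fuzzer sends) to the hardened handler to find the smallest length it refuses.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Size of the fixed stack buffer in the hypothetical request handler
   (a constructed value, not MiniShare's real buffer size). */
#define REQ_BUF_SIZE 64

/* How many bytes an input of `input_len` bytes would write past a buffer
   of `buf_size` bytes when copied with its NUL terminator and no check.
   Returns 0 when the input fits. This is exactly the bounds check that
   the vulnerable pattern omits. */
size_t bytes_past_buffer(size_t input_len, size_t buf_size) {
    size_t needed = input_len + 1;           /* +1 for the terminating NUL */
    return needed > buf_size ? needed - buf_size : 0;
}

/* Vulnerable pattern (shown for contrast; only ever called here with input
   that fits). strcpy trusts the sender's length, so anything longer than
   the buffer overwrites whatever sits above it on the stack, including the
   saved return address that is popped into EIP when the function returns. */
void handle_request_unsafe(const char *request) {
    char buf[REQ_BUF_SIZE];
    strcpy(buf, request);                    /* no bounds check */
    (void)buf;
}

/* Hardened handler: refuses input that does not fit, then copies with an
   explicit upper bound. Returns 0 on success, -1 when the request is too long. */
int handle_request_safe(const char *request) {
    char buf[REQ_BUF_SIZE];
    size_t len = strlen(request);
    if (bytes_past_buffer(len, sizeof buf) != 0)
        return -1;                           /* would overflow: reject it */
    memcpy(buf, request, len);
    buf[len] = '\0';
    return 0;
}

/* Offline fuzz harness: feeds runs of 'A' of increasing length to the
   hardened handler and returns the smallest length that is refused,
   or 0 if every length up to max_len was accepted. Against an unchecked
   handler the same inputs would be the ones that crash the program. */
size_t find_min_rejected_length(size_t max_len, size_t step) {
    static char input[4096];                 /* constructed input buffer */
    for (size_t len = step; len <= max_len && len < sizeof input; len += step) {
        memset(input, 'A', len);             /* classic fuzz pattern */
        input[len] = '\0';
        if (handle_request_safe(input) != 0)
            return len;
    }
    return 0;
}

int main(void) {
    handle_request_unsafe("GET / HTTP/1.1"); /* short input: fits in buf */
    printf("bytes past buffer for 1000-byte input: %zu\n",
           bytes_past_buffer(1000, REQ_BUF_SIZE));
    printf("smallest refused length (step 10): %zu\n",
           find_min_rejected_length(1024, 10));
    return 0;
}
```

The harness reports 70 with a step of 10: lengths 10 through 60 fit in the 64-byte buffer, and 70 is the first length whose NUL terminator would land past the end. In a real fuzzing session the equivalent observation is the input size at which the target stops responding or the debugger reports an access violation.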
6. Shellcode
• Shellcode is a small piece of code used as the payload in
the exploitation of a software vulnerability.
• It is called "shellcode" because it typically starts a command
shell from which the attacker can control the compromised
machine.
• Shellcode can either be local or remote. In our case, it is local and
not remote.
7. System Requirement
1. VM platform (Virtualbox, VMware, etc.)
2. Have a Windows 32-bit XP VM and a Kali Linux VM
3. OllyDbg Debugger.
4. Minishare 1.4.1 -
http://sites.google.com/site/lupingreycorner/minishare-1.4.1.zip
8. Assembly Basics
• Assembly language is considered a low-level language; it is a human-
readable version of a computer architecture’s instruction set.
• Since we cannot learn assembly within a day, just remember –
1) Instruction Pointer: EIP – the register that contains the memory
address of the next instruction to be executed by the program. EIP tells
the CPU what to do next.
2) Stack Pointer: ESP – the register pointing to the top of the stack
at any time