Buffer Overflow Lab

00:00

Welcome to the buffer overflow lab. Your lab objective is to follow the steps that you saw me just do to get a shell on the Windows host. Now I'm not gonna do a walk through because that's what I did during this whole module but I do want to set you up for success. So let's go into the lab.

00:19

Okay? So log into both boxes, yule log in with root Cali

00:26

on Lennox

00:28

and in your Windows box you'll see admin, log in with the password, admin.

00:35

Now you'll notice on the desktop, you have buffer overflow here, you have a number of you have two scripts

00:40

we're gonna first need to do is open up exploit

00:45

and you'll notice you have a proof of concept for your exploit but you know something this is bad chars dot txt, that's we're going to use for your bad characters. So

00:54

cut that out of here

00:57

and save this.

00:59

And then you can also add

01:03

something called

01:03

bad chars dot txt

01:08

and stick this in here for when you do your test for bad characters. Don't forget to test for bad characters.

01:18

All right. So we have immunity D bugger here. We have do stack buffer overflow. Good here.

01:23

So you can start immunity D. Bugger

01:30

and you'll notice it looks like this. So click see

01:34

and expand this window.

01:37

There we go.

01:38

What you want to do is you can open

01:42

or attach.

01:44

Well, we have to get that started for attached to work.

01:48

We can open do stack buffer overflow Good.

01:52

And like you'll see you'll need to press play a few times to proceed forward and make sure that this is listening.

01:59

So what you also need to do for test is you need to change your I. P. Address

02:09

1921681.

02:14

And this is

02:23

100.

02:24

100. All right.

02:29

So I just want to test this and make sure it works. Right.

02:38

So, we will test

02:43

sent python script. Hello, python script. You'll see

02:46

that

02:47

it was bytes received bytes sent client disconnected here, so we know it's working. Okay.

02:55

So the next thing to do of course, is to run our exploits script and see if this crashes.

03:02

So again I need to go and exploit.

03:05

I need to change the iP address.

03:08

21921681 100.

03:14

Save this

03:22

and exploit

03:23

that should crash.

03:28

You'll see ESPN overwritten

03:31

and Egypt is overwritten with your ace.

03:34

So from here that's where you do pattern, create and proceed forward. Check your bad characters, find your memory location.

03:39

Mona should be on here. Mona modules.

03:46

So don't forget that Mona is installed as well to help you out. So, follow the steps that I showed you during the entire lessons for this module. And you should be just finding getting your shell. Good luck.