Finding Bad Characters

Difficulty
Intermediate
Video Transcription
00:01
Finding bad characters.
00:03
Our learning objective is to understand how to find bad characters.
00:08
I did a lot of buffer overflow practice and I can tell you that the biggest mistake I made
00:14
was just skipping over this part.
00:17
Do not skip over this part. You'll thank me later. Finding bad characters is very important, and I'll show you how.
00:30
So now that we've figured out how to control EIP, I've written another program with bad characters. The thing is, we don't know which characters will cause the program
00:39
to act in a certain way that we're not aware of. We typically skip
00:45
00, because that's the null byte, which will terminate the remainder of the shellcode. So it's always a bad character. So I start with 01; you'll notice I go all the way to FF here,
00:58
and I'm using this to try to figure out if there is some character that, if we put it in our shellcode, will cause the shellcode to not work and crash the program, and therefore us not get a shell.
01:11
So I will send this. You'll notice I have my offset of 146, I have my B's, and now I'm adding all these bad characters to figure out which ones are bad.
01:23
So let's send this,
01:26
and let's go back.
01:30
Let's see what we have. So obviously the program has crashed.
01:40
So I'll go to ESP.
01:49
Follow in dump.
01:51
And you can see here 01 02 03 04 05 06 07 08 09 21 21 21 21.
02:00
So we have an issue here. If we look
02:05
back at our script
02:14
it should be 0A, 0B, 0C, 0D, 0E, 0F, and so on.
02:20
So let's take out the 0A.
02:24
Save it. I
02:28
should probably go back
02:30
and here and restart the program.
02:42
And the hope is that we see every character
02:45
without it causing it to not appear in memory.
02:53
So let's send this again.
03:08
So now we can... I mean, this is a manual review. There are ways you can do it with Mona. I suggest you research that,
03:15
but I do it the hard way. 01 02 03 04 05 06 07 08 09 0B 0C 0D 0E 0F.
03:23
And like we saw, it goes all the way to FF,
03:29
and it doesn't look like anything's missing or has caused a crash. I also have read the guide,
03:35
and he tells me that the only bad characters are 00 and 0A.
03:40
So now I know what my bad characters are. Do not skip this. Do not skip this, and make sure you carefully check
03:51
which characters are the bad characters. Because when you get to your shellcode and you specify your bad characters and you miss one, it will cause your shellcode not to work and the program to crash, and you'll be wondering why. So
04:05
that's how to find bad characters.
04:11
So in summary, we should now understand how to find bad characters.