How to Practice Buffer Overflows

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or
Sign up with Google
Sign up with Apple
Sign up with Microsoft
View all SSO options

Already have an account? Sign In »

Offensive Penetration Testing
Course
Difficulty
Intermediate
Video Transcription
00:00
introduction to buffer overflows.
00:04
How to practice buffer overflows
00:07
are learning objective is to identify resources available to practice buffer overflows.
00:14
So the legendary buffer overflow, this is something that you need to practice and get good at.
00:20
Um Again I can't give away anything about. Oh SCP
00:24
but in the course material they show you and go through a buffer overflow.
00:29
If you're also thinking about doing E C P P T. As a pathway to. Oh SCP
00:34
the buffer overflow is very important as well.
00:38
You'll notice that a lot of people when they write or give interest to buffer overflows,
00:44
they're using older machines. Maybe it's Windows XP A 32 bit system and X 86 execute herbal something that's older. So that's why I do have that Windows XP Vm. I have old school is to practice all my buffer overflows on.
01:00
So what you also need to do on your vulnerable machine is you need to install immunity D bugger, which is what they have in the P W. K. Material and you put that on your vulnerable machine. Again, if you're practicing this or planning to e C P P. T.
01:15
Uh you definitely need to get a VM and install immunity to bugger on it. And you also need to install python the X 86 version
01:26
as well as Mona. And that will help you run different mona modules which you'll see later and why that's important.
01:37
So I just want to give you some resources other than this course, if you want to practise buffer overflows I would say after over everything that I practiced,
01:45
I practiced buffer overflow the most and it was a good strategy um I would say that also doing hands on cts and labs is also important. So don't put everything on the buffer overflow. The buffer overflow is important but it's not the most important thing to do
02:04
so balance your time accordingly.
02:07
One resource is this war ftp version 1.65
02:12
in George's book penetration testing, a hands on approach. You need to have an older VM for this. You need to have Windows XP. It won't work on newer. Os is it won't work on Windows 10.
02:23
Wouldn't work on windows seven for me. So it did work on Windows XP.
02:30
There is also free float FTp server.
02:35
All these things you can download or at least this one you can download exploit dB
02:39
and there's also a medium article walkthrough on it. Look at people's walk throughs and see how they, how they do this. Some people's techniques are better than others. Some people, as you can tell, have more programming skills than other people.
02:54
I don't have a very big development background. So I typically just go off of the demos that they give the P W K methodology, so that's what I use, but uh you'll see what will be using. Um there is a whole right up on it and the guy obviously
03:12
is a developer and his coding is beautiful, for lack of a better word.
03:19
There's also many share 1 4.1 another exploit DB
03:23
um where you can download it, remote buffer overflow. There's an info Sec Institute article walkthrough on this. Don't worry about the bitterly link.
03:32
Um but you should be able to get to this
03:37
walk through and again, it's it's a nice walk through. I encourage you to read through it and again, if you want to do this many share 1.4 point one, um that's where you can find it on exploit dB,
03:49
das stack buffer buffer overflow. Good is what we're gonna be using. There's a whole right up on this. The guy has a whole pdf that's why I chose this one is because this guy is right up is great. He walks you through everything. So
04:03
you know, in essence you have another instructor, you have a pdf that you can look through
04:09
to help you with the buffer overflow. I practice this his way, I practice the, practice the P W K way and you'll see when we walk through it, how I go through it, you find your own strategy,
04:24
but ultimately you're going to need to figure out how to write something like this up
04:29
and logically coherently and understand the process.
04:33
Mhm.
04:35
So in summary, you should now be able to identify the resources available to practice buffer overflows
04:42
and we'll be getting a lot of hands on practice as we continue through this module.
04:48
Yeah.
Up Next
Setting up the Environment
Fuzzing the Application
Finding Bad Characters
Finding the Return Address
Getting a Shell
View All
Instructed By
Clint Kehr

Clint Kehr

Ethical Hacker

Senior Instructor
Similar Content
Introduction to IT & Cybersecurity
Course
Introduction to IT & Cybersecurity
4.35
Are you new to IT & cybersecurity and wondering which role might suit you best? ...
2CEUs
Penetration Testing and Ethical Hacking
Course
Penetration Testing and Ethical Hacking
4.7
To assess the strength of your organization’s cybersecurity posture, you need to gather information, perform ...
7CEUs
Exploitation and Mitigation: MSHTML Vulnerability (CVE-2021-40444)
Course
Exploitation and Mitigation: MSHTML Vulnerability (CVE-2021-40444)
5
The MSHTML Windows remote code execution vulnerability (CVE-2021-40444) identified in September 2021 could allow a ...
2CEUs