Protostar: Stack5

-

Overview


I wanted to learn more about the fundamentals behind performing a buffer overflow, or
"Stack Smashing" attack. This is a pretty common attack and no modern system would
really have this type of vulnerability. Still, this is a good way to gain some beginners
knowledge of reversing with GDB and the x86 assembly language, and because I am a
diehard academic, lets dive in!
Overview of Buffer Overflows

Following the Exploit exercises site here, we downloaded the Protostar VM.
I started at Stack5, because Stack0-4 were relatively simple.

Stack5 is recreating a standard buffer overflow using shellcode as a payload.
The source code includes nothing except for a simple 64 Byte buffer that you are
supposed to overflow. This was my introduction to using any type of shellcode related
exploit, so I have included links for my own reference.

A snip of the source code for this exercise





Crafting the Payload


Metasploit and MsfPayload are command-line tool for crafting all kinds of exploits. I wanted to take a more hands
on approach to writing shellcode. So This is what I read.
The shellcode database is obviously a much shorter method to finding useful codes.
Shellcode DB

Metasploit Guide

Comments

  1. AnneJanuary 18, 2020 at 8:11 PM

    This comment has been removed by the author.

    ReplyDelete
  2. csyanMay 28, 2020 at 12:12 AM

    My boyfriend likes copying watches. replica iwc watches When you buy it back, this gorgeous replica watch is amazing. The watch design and features are very fresh and elegant. The quality is relatively perfect.replica iwc aquatimer watches This replica watch is very special, good quality and very cheap

    ReplyDelete
  3. SHAHZAIBJune 13, 2021 at 1:04 AM

    Positive site, where did u come up with the information on this posting? I'm pleased I discovered it though, ill be checking back soon to find out what additional posts you include. big data

    ReplyDelete
  4. The Custom Box PackagingJuly 28, 2021 at 3:02 PM

    I am pleased to see your Content. The manner you describe packaging Benefits well in this Blog
    Custom Dispenser Boxes

    ReplyDelete
  5. 12panelnowMarch 7, 2022 at 1:29 PM

    This comment has been removed by the author.

    ReplyDelete

Post a Comment

Popular posts from this blog

Using Selenium Testing for Electron (Atom shell) Applications

-
Image
Electron (formerly Atom Shell) is a very new way to quickly create javascript applications for multiple platforms. Not a lot of documentation exists about using Selenium to do full-fledged integration testing on Electron Applications. And even less exists about performing such tests in python. This brief tutorial should answer a few questions about Electron Applications and show you how to get started using Selenium to test them. I. Getting started Install and start chromedriver Selenium need this to be able to make calls to the Electron App. Chromedriver acts as a bridge between Selenium and Chrome, it follows Selenium wire protocol. By default, chromium runs on port 9515, you can start on alternate ports, but remember the assigned port this will be passed as an argument to Selenium later. ./chromedriver --port=9515 Install Selenium You'll need to use Selenium's remotewebdriver to interface with chromedriver. Im using a python virtualenv to keep all my python plugi...
Read more

Using Signoz and OpenTelemetry as an alternative to DataDog

-
Image
 Datadog is an essential tool for monitoring large applications, but for hobby projects Sigmoz is a great open source alternative that provides similar functionality. It's also free and easy to setup using docker-compose. Start off by cloning the signoz github repo. git clone https://github.com/SigNoz/signoz cd signoz/deploy If you already have docker and docker-compose installed than you can skip this, but otherwise run the install script. ./install.sh Launch the Sigmoz service. The docker-compose setup includes clickhouse database, Zookeeper service, and a sample application called hotrod. This will bring up everything. docker-compose -f docker/clickhouse-setup/docker-compose.yaml up Then navigate to http://localhost:3301/ and you'll be prompted to setup an account and admin password. Then you'll be able to see the Sigmoz homepage with some example metrics. We can then start on integrating the opentelemetry metrics with our java app. Open telemetry automat...
Read more

Packaging Electron Applications for OSX

-
Image
I want to use Electron to create installable apps for OSX, Precise, and Trusty. I first attempted to use fpm (package distribution across multiple platforms) which works fine for creating rpm and deb packages, but creating the OSX pkg file proved difficult. These steps will summarize how to create an installable .pkg from an Electron Application. NOTE: This tutorial does not cover creating valid packages for the mac app store, which has a whole different set of requirements. But you will end up with a .pkg file which can be distributed and used to install your application. I. Re-Branding Electron Unless you want your Application to be named "Electron" after its installation, you will probably want to rename the application and change the default icon. On OSX, this is done by editing the existing Info.plist file in the Electron.app directory and changing four values to match your Apps name. The Location of the Electron Info.plist file is found under the Electron.app...
Read more