Buffer Overflow Prep — OverFlow1 - TryHackMe

0xsanz
5 min read · Sep 29, 2020

This is a write-up for the Buffer Overflow Prep room by Tib3rius on TryHackMe, in a notes-style format.

Useful Links
============

https://github.com/Tib3rius/Pentest-Cheatsheets/blob/master/exploits/buffer-overflows.rst
https://tryhackme.com/room/bufferoverflowprep

Fuzzing with long input Strings
===============================
⇒ python3 -c 'print("A" * 5000)' ⇒ Generate lots of As
⇒ Run oscp.exe in Immunity Debugger on the target
⇒ Connect with netcat and send these A's to the target: OVERFLOW1 AAAA… (5000 times)
⇒ oscp.exe crashes, which indicates the input is overrunning a buffer and the program is likely exploitable via a buffer overflow.

MSF Pattern create
==================
⇒ msf-pattern_create -l 5000 ⇒ Generate a 5000-byte cyclic pattern in which every 4-byte sequence is unique
⇒ Send the pattern over to the target exe via the nc session (same OVERFLOW1 prefix as before).

Mona Config
===========
⇒ !mona config -set workingfolder c:\mona\%p ⇒ Run this in Immunity

Finding Offset
==============
⇒ In Immunity Debugger, note the EIP value after sending the pattern and crashing the exe. The 4 bytes in EIP are a fragment of the cyclic pattern; their position in the pattern is the offset at which the return address is overwritten.
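To make the offset step concrete, here is an added example (not part of the original write-up or of Tib3rius's room) that reimplements the msf-pattern_create / msf-pattern_offset logic in Python. It generates the cyclic "Aa0Aa1…" pattern, converts a register value as Immunity displays it into the 4 bytes that actually sat in the buffer (x86 is little-endian), and recovers the offset; the EIP value used at the bottom is a constructed one.

```python
import string
import struct
from itertools import cycle, islice

UPPER, LOWER, DIGITS = string.ascii_uppercase, string.ascii_lowercase, string.digits
# 26 * 26 * 10 triples of 3 bytes: after this many bytes the pattern repeats
CYCLE_LEN = len(UPPER) * len(LOWER) * len(DIGITS) * 3  # 20280


def _triples():
    """Yield 'Aa0', 'Aa1', ..., 'Zz9' in the order msf-pattern_create emits them."""
    for u in UPPER:
        for l in LOWER:
            for d in DIGITS:
                yield u + l + d


def pattern_create(length: int) -> str:
    """Cyclic pattern of the requested length (unique 4-byte windows up to CYCLE_LEN)."""
    one_cycle = "".join(_triples())
    return "".join(islice(cycle(one_cycle), length))


def eip_to_bytes(eip: int) -> str:
    """Immunity shows EIP as a big-endian number, but the CPU loaded those 4 bytes
    from the stack little-endian. Reverse them to get the buffer fragment."""
    return struct.pack("<I", eip).decode("latin-1")


def pattern_offset(pattern: str, eip: int) -> int:
    """Offset in `pattern` of the 4 bytes that landed in EIP, or -1 if EIP does not
    hold pattern bytes (e.g. the crash was not a clean return-address overwrite)."""
    needle = eip_to_bytes(eip)
    first = pattern.find(needle)
    if first != -1 and pattern.find(needle, first + 1) != -1:
        # Only possible when the pattern is longer than CYCLE_LEN and has wrapped
        raise ValueError(f"ambiguous fragment; use a pattern length <= {CYCLE_LEN}")
    return first


if __name__ == "__main__":
    pat = pattern_create(5000)
    # Constructed value: pretend the debugger showed EIP = 6F43396E after the crash
    print("EIP bytes in buffer:", eip_to_bytes(0x6F43396E))
    print("offset:", pattern_offset(pat, 0x6F43396E))
```

The same two functions cover the `msf-pattern_offset -l 5000 -q <EIP>` step, so you can cross-check the tool's answer before building on it.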

0xsanz

Software developer with a keen interest in security, privacy and pen-testing. Certs: Security+, PenTest+, AZ900, AZ204, AZ500