/OVERFLOW

Microsoft Flow Attack Framework

Primary Language: Shell

OvRfLoW (Microsoft Flow Attack Framework)

Attack Scenario

Building in a Backdoor Hook

  • Step 3) Click Upload

  • Step 4) Navigate to and open OvRfLoW.zip (Download Here: Overflow.zip)

  • Step 5) Click "Select during import"

  • Step 6) Select the email account you are backdooring and click Save. (This should be the account you logged into on step 1.)

  • Step 7) Click Import

  • Step 8) You should be given a screen that says "All package resources were successfully imported." Click My Flows, find "OvRfLoW by @surbo", and click the Edit button.

  • Step 9) Click "When a HTTP request is received" and click the "Copy Url" icon.

  • Step 10) Update Overflow.sh by pasting the HTTP POST URL between the two sets of quotes for the RequestFlow= variable.

  • Derbycon Slides: Download

  • Derbycon Video: Watch the video
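
A defender-side check for the hook these steps install, as an added example that is not part of the OvRfLoW repository: it scans flow definitions for a "When a HTTP request is received" trigger, which lets a flow be run by anyone holding its URL. The JSON layout (Logic Apps style `triggers` entries with `type: Request` and `kind: Http`), the sample flows and all function names are assumptions constructed for illustration.

```python
import json

# Constructed sample: two flow definitions in Logic Apps workflow-definition
# style (assumed layout; not taken from the OvRfLoW package).
SAMPLE_FLOWS = json.loads("""
[
  {"name": "Weekly report reminder",
   "properties": {"definition": {
     "triggers": {"Recurrence": {"type": "Recurrence"}},
     "actions": {"Send_an_email": {"type": "ApiConnection"}}}}},
  {"name": "Imported flow (constructed)",
   "properties": {"definition": {
     "triggers": {"manual": {"type": "Request", "kind": "Http"}},
     "actions": {"Send_an_email": {"type": "ApiConnection"},
                 "Response": {"type": "Response"}}}}}
]
""")

def find_triggers(node):
    """Yield (name, trigger) for every entry under any 'triggers' key."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "triggers" and isinstance(value, dict):
                for name, trig in value.items():
                    if isinstance(trig, dict):
                        yield name, trig
            else:
                yield from find_triggers(value)
    elif isinstance(node, list):
        for item in node:
            yield from find_triggers(item)

def is_http_request_trigger(trigger):
    """True for a Request trigger of kind Http (a missing kind is assumed Http)."""
    ttype = str(trigger.get("type", "")).lower()
    kind = str(trigger.get("kind", "http")).lower()
    return ttype == "request" and kind == "http"

def audit_flows(flows):
    """Return one finding per flow that starts on an inbound HTTP request."""
    findings = []
    for flow in flows:
        hits = [n for n, t in find_triggers(flow) if is_http_request_trigger(t)]
        if hits:
            definition = flow.get("properties", {}).get("definition", {})
            findings.append({"flow": flow.get("name", "<unnamed>"),
                             "triggers": hits,
                             "actions": sorted(definition.get("actions", {}))})
    return findings

if __name__ == "__main__":
    for finding in audit_flows(SAMPLE_FLOWS):
        print(finding)
```

A finding that pairs an HTTP request trigger with mail actions on an account is worth reviewing with the flow's owner.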

OVERVIEW

Derbycon Drop of My Flow Talk 'Attacking with Automation'

Update RequestFlow="" and Downloadbypass=""

Q&A

Q: Is it overflow or ovRflow? A: It's OvRflow!

Q: Why did you make the repo overflow then? A: Because people would spell it correctly

Q: Then why not spell it correctly then? A: It would be hard to find because of Buffer Overflow. Also @archwisp said not to name it overflow =) . <-slides