A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Search Irongeek.com:

Affiliates:
ISDPodcast Button
RootSecure Button
Social-engineer-training Button
Irongeek Button

Web Hosting:
Dreamhost Logo
Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Introduction to buffer overflows from ISSA KY workshop 6 - Jeremy Druin (Hacking Illustrated Series InfoSec Tutorial Videos)

Introduction to buffer overflows from ISSA KY workshop 6 - Jeremy Druin

    This is the 6th in a line of classes Jeremy Druin will be giving on pen-testing and web app security featuring Mutillidae for the Kentuckiana ISSA. This one covers Metasploit. This recording is from the Kentucky ISSA Workshop #6 from the November 2012 meeting. In part 5, using Metasploit was covered. In this workshop, buffer overflow vulnerabilities were examined more closely to see how Metasploit exploits might be written. A custom program is written with a known buffer overflow and compiled without the stack canaries or non-executable stack. Also ASLR is disabled on the Ubuntu 12.04 testing host. The program is fuzzed to determine an overflow exists and decompiled with GDB to look at the program logic more closely. Python scripts are used to generate exploits that get closer to over-writing the return pointer with a user supplied value. Once the buffer overflow is identified and the size of the buffer found, the exploit development begins. A custom exploit is developed to inject shellcode into the buffer, determine a reasonable memory address in which to jump, and a root shell gained.

Details:

Video Tutorials: www.youtube.com/user/webpwnized
Video Index URL: http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae 
YouTube Channel:  http://www.youtube.com/user/webpwnized
Twitter Updates: @webpwnized



 

Notes:

Vulnerability Exploitation

 Metasploit Exploit Framework
  a. Framework
   i. Exploits
    • Sorted by OS and/or Software
   ii. Payloads
    • Singles
     o Communications and function entangled
    • Stagers
     o Load stage and handle communications
    • Stages (note: Inplement shell, upexec, vncinject, meterpreter, etc.)
     o meterpreter
     o shell
     o vnc
     o mssql_payload
     o psexec
   iii. Post Exploit Modules
   iv. Auxillary Modules
   v. Interfaces
    1. msfconsole
     1. search <type>:<value> <string>
     2. help
     3. use
     4. show <what to show>
      i. payloads
      ii. exploits
      iii. post
      iv. auxillary
      v. <more>
    2. Metasploit Community Edition

 

Download from:
http://archive.org/download/IntoToMetrasploit/InroToMetasploitJeremyDruinwebpwnized.avi 

Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2014, IronGeek
Louisville / Kentuckiana Information Security Enthusiast