Open WDavid404 opened 8 months ago
A typical buffer overflow attack scenario involves overwriting the return address with a JMP ESP instruction, which instructs the program to jump to the stack and execute the shellcode that has been injected right after the beginning of the payload.
https://github.com/WDavid404/Note_tryhackme/issues/3
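The overflow that the scenario above depends on is a bounded-buffer defect in the target. As an added example (not code from the original issue or from the exploit it references), the snippet below shows the unchecked copy that lets oversized input run past the buffer into the saved return address, next to a bounded version that refuses such input. Function names, the 64-byte buffer size and the sample inputs are constructed for illustration; the same file can be built natively or cross-compiled with the `i686-w64-mingw32-gcc` command given further down and run under wine.

```c
/*
 * Added example: stack buffer overflow pattern beside a bounded copy.
 * Names, buffer size and inputs are constructed for this demonstration.
 */
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 64   /* constructed: size of the local stack buffer */

/*
 * Unsafe pattern: strcpy copies until it meets a NUL byte, so any input of
 * BUF_SIZE bytes or more writes past 'buf' into the saved frame pointer and
 * the return address above it. This is exactly the write that a JMP ESP-style
 * payload relies on. Kept only to show the defect; do not feed it untrusted
 * or oversized input (undefined behaviour).
 */
void copy_unchecked(const char *input) {
    char buf[BUF_SIZE];
    strcpy(buf, input);                 /* no length check */
    printf("copied %zu bytes\n", strlen(buf));
}

/*
 * Hardened pattern: measure first, reject anything that does not fit
 * (including its terminator), then copy with an explicit bound.
 * Returns 0 on success, -1 when the input would have overflowed 'out'.
 */
int copy_checked(const char *input, char *out, size_t out_size) {
    size_t len = strlen(input);
    if (out_size == 0 || len >= out_size) {
        return -1;                      /* refuse instead of overwriting */
    }
    memcpy(out, input, len);
    out[len] = '\0';
    return 0;
}

/* Constructed input that fits: a short string. Returns copy_checked's result. */
int demo_fits(void) {
    char out[BUF_SIZE];
    return copy_checked("GET / HTTP/1.1", out, sizeof out);
}

/*
 * Constructed input that does not fit: 200 'A' bytes, the classic sizing
 * probe. The bounded copy must reject it rather than touch the stack frame.
 */
int demo_oversized(void) {
    char big[201];
    char out[BUF_SIZE];
    memset(big, 'A', 200);
    big[200] = '\0';
    return copy_checked(big, out, sizeof out);
}

int main(void) {
    copy_unchecked("short input is fine");   /* well within BUF_SIZE */
    printf("fits:      %d\n", demo_fits());       /* 0  */
    printf("oversized: %d\n", demo_oversized());  /* -1 */
    return 0;
}
```

The distinction the two functions make is the one a code reviewer looks for: the unchecked version trusts the caller to keep input below the buffer size, while the checked version carries the destination size with the destination pointer and fails closed. Stack cookies, DEP and ASLR on the target reduce the impact of the first pattern but do not remove the bug; only the bounded copy does.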
mingw-w64 tool: used to compile the C source into a Windows Portable Executable (PE) file. Install (see https://www.hackingtutorials.org/exploit-tutorials/mingw-w64-how-to-compile-windows-exploits-on-kali-linux/):
apt-get update
apt-get install mingw-w64
Usage:
kali@kali:~$ i686-w64-mingw32-gcc 42341.c -o syncbreeze_exploit.exe -lws2_32
Note: -lws2_32 is a linker option that links the Winsock2 library (ws2_32) into a C/C++ program. It is needed for client-server applications that communicate over the network. [The -l option specifies the name of the library to link with the program.]
Wine tool: To run a Windows binary, we'll need to use wine, which is a compatibility layer used for running Windows applications on several operating systems such as Linux, BSD, and macOS.
If we do not have a return address from a previously-developed exploit, we have a few options to consider. The first, and most recommended option, is to recreate the target environment locally and use a debugger to determine this address.
If this is not an option, we could use information from other publicly available exploits to find a reliable return address that will match our target environment. For example, if we needed a return address for a JMP ESP instruction on Windows Server 2019, we could search for it in public exploits leveraging different vulnerabilities targeting that operating system. This method is less reliable and can vary widely depending on the protections installed on the operating system.