richnadeau / Capstone


(SPR1) Research #14

Closed richnadeau closed 2 years ago

richnadeau commented 2 years ago

Research for Spring Semester Target 1 Server

richnadeau commented 2 years ago

The team met with Devin on Thursday, and it was determined that I need to find a Buffer Overflow attack and use it for the next server I am developing. Research for it can be found here.

richnadeau commented 2 years ago

Was unable to get the Anviz CrossChex exploit to work today. Circling back to researching recently found Buffer Overflow exploits. Updated research with another exploit I found for a vulnerable freeware app called Free MP3 CD Ripper 2.8.

richnadeau commented 2 years ago

Working on researching how to exploit FreeFloat FTP Server 1.0. Was also able to install/run Free FTP Server 1.0 with no problem on Windows 10 LTSC. Here is how I am currently trying to exploit that box remotely. After running the msfvenom command, starting a reverse TCP handler, and running the python script to execute the exploit, the only thing that seems to happen is that the FTP server crashes. Will need to do more research on this and maybe get some help from someone who understands Buffer Overflow attacks better than I do.

richnadeau commented 2 years ago

Started poking around with the FreeFloat FTP 1.0 program this evening using Immunity Debugger. When running the exploit, this is the error that comes up in the debugger (screenshot below), but I have not had any luck so far figuring out what I need to change in the python script to get it to work. (From what I understand from my research on Buffer Overflow attacks so far, what I need to get it to work is in the EIP, Extended Instruction Pointer, but I am still not entirely sure.) Meeting with Devin and Mohammed tomorrow to try and get this exploit working.

image

richnadeau commented 2 years ago

Met with Devin during office hours and Mohammed for about 2.5 hours today trying to get the FreeFloat FTP buffer overflow exploit to work. Still was unable to get a remote shell in my listener on Kali, but learned a lot of the basics of Buffer Overflow, including fuzzing. Going to try and take a deeper dive into this and rewatch YouTube videos/docs on Friday/this weekend to see if anything was done improperly in the exploit process. Progress has at least been made in that FreeFloat FTP still crashes when testing the exploit python script, and we have been able to change the EIP in some instances of running the script.

richnadeau commented 2 years ago

Got the exploit working and am now done with the Research phase (as of yesterday).