Thursday, July 7, 2011

More Buffer Overflows

It has been over a month since my last post.  It has been a really busy time.  When they say the most important resource is time, they are not kidding.  Anyway, in that time I have continuing to go to exploitdb to practice.  I was able to get some basic stack overflows going on two software ftp programs, easyftp and war-ftpd.  I have been using a test OS of Windows XP SP3.  Most of the exploits seem to center around Win XP SP2.  It would be better to try different service packs I guess.  Next, I want to find more SEH exploits.  This was fun trying to figure how to jump around in the stack.  Again, go to for information about buffer overflows and infosec in general.  Great stuff.  With easyftp, I was only able to fit the "net user add" payload.  Mannnn, it was a small buffer space.  However, in war-ftpd, the buffer was much larger and I was able to fit a Windows reverse shell.  I have to say, reverse shell is the best.  Just a side note, I have noticed that I have had a lot of success when the payload is encoded in "ShikataGaNai".  It might help someone else so I figured I would mention it. 

Just in case, you thought I let it go, nope.  Paper is still on.  Of course, the new hacker groups that have come out have made this an excellent paper to write.  ;-) I mean I thought of this before two groups even came out in the media.  Not that they were not there the whole time.  I just more time to get the thoughts together and more anecdotal evidence to make it more credible.  With everything that is going on, I should probably just post it by the end of the year so I can get all the probable hacks that will come recorded.