Buffer Overflows Made Easy - Part 1: Introduction
Key Takeaways
The video introduces the concept of buffer overflows and covers the anatomy of memory and the stack, with a focus on penetration testing; it outlines the course's workflow, from spiking and fuzzing through finding the offset and bad characters to generating shellcode.
Full Transcript
What's up everybody, welcome to this course titled Buffer Overflows Made Easy, brought to you by me, The Cyber Mentor. In this course I'm going to be teaching you how to perform a 32-bit Windows buffer overflow attack and make it seem easy in the process. So this is going to be a hands-on course; we're going to be using Windows and Kali Linux, and we're not going to be doing any death by PowerPoint outside of a little bit in this first video. So we're going to break it down step by step into individual videos, and by the end of it you should be able to perform a 32-bit Windows buffer overflow attack on your own.

So let's talk about some of the things that we're going to be seeing. We're going to cover quickly anatomy of memory, anatomy of the stack, and then we're going to talk about the buffer overflow walkthrough, but we're going to be doing that in the hands-on portion.

So let's talk about anatomy of memory. When we talk about anatomy of memory, we have the kernel at the top and we've got text at the bottom. So if you think of your kernel, think of your command line; you can also think about this as a bunch of ones. And your text you can think about as your read-only code, and you can think about that as a bunch of zeros. So this is only for informational purposes, but we can also call this the kernel the top, the text the bottom. Where we're really going to be focused on, though, is going to be the stack.

So if we dive into this memory here, and we dive even deeper and we go into the stack, it's kind of similar. So we have these registers here, and I'll provide links down below on how to brush up on some of these registers if you're not familiar, but the important thing, what we need to know for this lesson, is that you have the ESP, you have your buffer space, your EBP, and your EIP. So we can think about this again as the ESP sitting at the top and the EBP sitting at the bottom. So what happens is you have this buffer space, and this buffer space fills up with characters. So the buffer space is going to go downward. What should happen is, if your buffer space is properly sized, then if you send a bunch of characters at it, say a bunch of A's for example like this, you should reach the EBP but stop; the buffer space should be able to contain the characters that you're sending. Now, however, if you have a buffer overflow attack, then you actually overflow the buffer space you're using and reach over the EBP and into something called the EIP. Now the EIP is where things get interesting. This is a pointer address, or a return address. So what we can do is we can use this address to point to directions that we instruct. Now these directions are actually going to be malicious code that gives us a reverse shell. So we're going to learn that later on in future videos as we go step by step, so this doesn't have to seem very logical right now. You just have to, at a very, very base level, understand that what's happening in the stack is that you're overflowing buffer space. So if you can write over the buffer space and write down all the way to the EIP, you can control the stack and you can control the pointer, and eventually you can have a reverse shell, which will lead to root. So it's going to make a lot more sense when we dive in hands-on; this is just more of a theoretical thing.

So let's talk really quick about the steps to conduct a buffer overflow. The first step we're going to cover is called spiking. Spiking is going to be a method that we use to find a vulnerable part of a program. Once we find the vulnerable part of the program, we're gonna do fuzzing, which is kind of similar to spiking. So with fuzzing we're gonna send a bunch of characters at a program and see if we can break it. If we do break it, we want to find out at what point we did break it, right? So we want to find something called the offset, and we use that offset to overwrite the EIP, the pointer address that we were talking about. Once we have the EIP controlled, we need to do a few housecleaning things: one is called finding bad characters, the other is called finding the right module. This doesn't need to make sense right now, but once we do that and we have this information from steps five and six, we can generate shellcode, this malicious shellcode that will allow us to get this reverse shell. So we're going to use that, we're going to point that EIP to our malicious shellcode, and hopefully we're going to gain root. So again, this will all make sense as we dive into the future videos and we get hands-on. So if you look at these videos, these are the videos that are gonna come: our next video is going to be on spiking, the second one's gonna be on fuzzing, and so on. So if you have trouble with one area in particular, you can watch that area specifically and not have to look through a long video, and hopefully break this down into little nuggets.

So the last thing we're gonna do is we're gonna talk about the tools we're gonna be using in this course. So I have a victim machine; I'm sitting on Windows 10 Pro. You do not have to be on Windows 10 Pro, you could be on a different type of machine, but Windows is critical for this, as Vulnserver runs on Windows. So if you're running Windows 7, that's fine; your return address may be different than mine, but if you follow the steps in what I tell you through the course, you should have no issue getting root. So as I've mentioned before, we're gonna be using something called Vulnserver. That is our vulnerable software; it's gonna be running on Windows. This is what's going to allow us to exploit and attack the software and gain root. So our attacker machine is going to be Kali Linux. You do not have to use Kali Linux; it is what I'm going to be using through the course. I do recommend any sort of virtual machine that you have; it could be Ubuntu or some form of Linux, or something you're comfortable with writing Python in. And lastly, on our Windows machine as well, the victim machine, we're gonna be running something called Immunity Debugger. So all of these tools are going to be your homework to be installed.

Let's go ahead and just talk about them real quick. I'm gonna open up Internet Explorer here, or actually Edge, and what we're gonna do is, I've just pulled up Google and I'm just gonna kind of show you here what we're gonna do. So for Vulnserver, if you Google "vulnserver", you're gonna go to The Grey Corner. You click on The Grey Corner, you scroll down just a little bit, and I want you to download this vulnserver zip and extract it to a folder. From there on we're going to be running Vulnserver repeatedly, so make sure you know where this is. The same goes for Immunity Debugger. You can download it here; if you see "download the latest Immunity Debugger here", there's gonna be this register page. What you have to do, you could put in fake information if you're not comfortable giving your real information; it'll still download regardless. So all you need to do here is download Immunity and install it on your Windows machine. So again, we're gonna have Vulnserver and Immunity on the Windows machine.

If you want to follow along with what I'm doing on the VM side of the house, then I am using VMware Pro, but Pro does cost money, so you can use a workstation. So what you can do is you can say "VMware Workstation download" and just look for VMware Workstation Player right here. You can click this link and go into the download page. Again, you'll be running that on your base machine, so if that's Windows then this is what you're gonna run it on, and you can do this in reverse; so if you're running Windows on a VM, that's fine, just understand that I'm running Windows as a base. OK, so once you have your desired workstation installed and your VM installed, you can download Kali Linux if you'd like. So don't go to the official Kali Linux download page; I actually prefer the Kali Linux custom image page. If you scroll a little bit down and you click on this page here, what's nice is that they give you the VMware, or if you're a VirtualBox person you can get the VirtualBox image as well. So we'll do the VMware image. If you have torrent software, go ahead and click torrent; if not, you're gonna have to download torrent software. I recommend uTorrent or BitTorrent. Go ahead, torrent that, download this, and get Kali up and running. It should be pretty straightforward on that; the default password is toor, as you see here, and of course root is the default user. So once you have all of this set up, let's go ahead and join me in the next video.
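As an added illustration that is not part of the video or its course materials, the frame layout described above (buffer, then saved EBP, then the return address that RET loads into EIP) modelled in C, with the unbounded copy that causes the overflow beside a bounded copy that refuses oversized input. The 16-byte buffer, the struct layout and the 0x08048400 return address are constructed assumptions for the demo, not values from Vulnserver.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed model of a 32-bit x86 stack frame laid out as the video describes
 * it: local buffer lowest, saved EBP above it, then the saved return address that
 * RET pops into EIP. A struct keeps the demo deterministic; a real frame may add
 * compiler padding and a /GS or stack-protector cookie above the buffer. */
#define BUF_SIZE 16

struct frame {
    char     buffer[BUF_SIZE];
    uint32_t saved_ebp;
    uint32_t saved_ret;   /* loaded into EIP when the function returns */
};

/* The bug: an unbounded copy. It starts at buffer (the first member) and is
 * limited only by the caller-supplied length, so input bytes 16..19 land on
 * saved_ebp and bytes 20..23 on saved_ret. The cast to the whole struct lets
 * the demo run past buffer[] without leaving the object. */
static void copy_unchecked(struct frame *f, const char *in, size_t len) {
    memcpy((unsigned char *)f, in, len);
}

/* The fix: refuse input that does not fit, leaving room for the NUL. */
static int copy_checked(struct frame *f, const char *in, size_t len) {
    if (len >= BUF_SIZE) return -1;   /* reject rather than truncate silently */
    memcpy(f->buffer, in, len);
    f->buffer[len] = '\0';
    return 0;
}

/* Input bytes that must precede the return address: sizeof(buffer) plus
 * sizeof(saved_ebp). This is the "offset" the course finds by fuzzing. */
size_t offset_to_ret(void) { return offsetof(struct frame, saved_ret); }

/* Pushes len bytes of 'A' (0x41) through one of the two copies and returns
 * what saved_ret holds afterwards; 0x08048400 is a constructed placeholder. */
uint32_t run_frame(size_t len, int checked) {
    struct frame f = { {0}, 0xBBBBBBBBu, 0x08048400u };
    char input[sizeof(struct frame)];
    if (len > sizeof input) len = sizeof input;  /* model has no caller frame */
    memset(input, 'A', sizeof input);
    if (checked)
        copy_checked(&f, input, len);     /* rejected whenever len >= 16 */
    else
        copy_unchecked(&f, input, len);
    return f.saved_ret;
}
```

With 21 bytes the unchecked copy clobbers only the low byte of the return address (little-endian), which is why a partially overwritten EIP such as 0x08048441 is the first sign in a debugger that the offset is close.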
Original Description
Write-up: https://tcm-sec.com/2019/05/25/buffer-overflows-made-easy/
This video presents the material that will be covered in my course, Buffer Overflows Made Easy. I also highlight important aspects, such as the anatomy of memory and the anatomy of the stack. In future course videos, we will be covering:
1. Spiking
2. Fuzzing
3. Finding the Offset
4. Overwriting the EIP
5. Finding Bad Characters
6. Finding the Right Module
7. Generating Shellcode
8. Root!
Timestamps:
0:06 - Introduction
0:45 - What We Will Cover
0:57 - Anatomy of Memory
1:36 - Anatomy of the Stack
3:33 - Steps to Conduct a Buffer Overflow
5:06 - Tools to be Used
Quick Guide to Registers: https://inst.eecs.berkeley.edu/~cs161/sp15/discussions/dis06-assembly.pdf