As of late, I have been reading up on buffer overflows. This is one topic I had been escaping for quite a long time. All those hexes \x*, CPU registers [ eip, esp, ecx, ebx, eax ], exploit jargon like sled, nops, jmp et al. just didn't make any sense. Until a few weeks back, when I decided to take it head on / [ me beats his chest and roars! ] :D
<-----Rewind-----> Back a few weeks from now
I wanted to start with something new. I had an idea and started researching it. It is an interesting subject, but there's not much 'fresh' learning in it. So, I put it on pause for a while and decided to start with BoF. Nevertheless, it's going to be useful to many who are freshers or currently in the information security domain, of course once I complete it. ;)
After going over half a dozen quality articles, plus the Ability Server & SLMail tutorials by the guys over at Offsec, I began testing on an open-source FTP server - Easy FTP Server v18.104.22.168.
For a perfect noobie at BoF, Easy FTP Server was no easy target.. :)
Anyways, in around half a day, I could confirm 2 vulnerable commands in this application. Working on and off alongside work at the office, I wrote stable remote buffer overflow command execution exploits for each of these.
For those who are new to fuzzing and finding buffer overflows, and are looking for a formal book, here is one that I'd recommend to ya:
This is a nice book that takes you through the basics of fuzzing, gradually introducing you to several of the fuzzing frameworks available today.
A good read for anyone wanting to learn fuzzing. The publisher's description:
Fuzzing... is the first and only book to cover fuzzing from start to finish, bringing disciplined best practices to a technique that has traditionally been implemented informally. The authors begin by reviewing how fuzzing works and outlining its crucial advantages over other security testing methods. Next, they introduce state-of-the-art fuzzing techniques for finding vulnerabilities in network protocols, file formats, and web applications; demonstrate the use of automated fuzzing tools; and present several insightful case histories showing fuzzing at work.
I submitted my exploits to Exploit-DB yesterday [ http://www.exploit-db.com/remote/ ] and later in the day saw that they had been confirmed as well. :)
I feel great about this. Though it's simple now that I know it, the experience of the past few weeks was real learning and very interesting.
You may choose to read my exploits here: