- I do software security stuff
- I publish information about vulnerabilities I have found
- I occasionally do livestreams of software security stuff - vulnerabilities, CTFs, pwnables and other fun puzzles
- You can reach me on Twitter or Mastodon
dostackbufferoverflowgood's Issues
Application not responding to NC or fuzz scripts
Not sure if this is the right avenue to approach, but the application is not responding to netcat or fuzzing commands sent over from my Kali machine. I've been using vulnserver.exe in the same VM that I'm running the dostackgood exe in, and that app had no issues for me. Any ideas as to what I could be missing?
Typo in the function epilogue explanation
There are 3 bullets describing what the function epilogue does. The second bullet states:
POP EBP to restore the saved EBP value into the EBP register;
One of those EBPs should be ESP.
GREAT tutorial, by the way!
question about sub_esp_10
In general is it OK to use sub_esp_10 or is that number best determined by the ESP?
using "9eA8" in pattern_offset.rb does not work
Firstly I'd like to say I just went through your tutorial and I thought it was great! Thanks so much for creating it :)
I just want to point out a small issue that I found when running pattern_offset.rb
to find the offset that overwrites the saved return pointer. If I use pattern_offset.rb
with the raw address, ie
./pattern_offset.rb -q 39654138
Then I get the expected value of 146, but if I use the hexadecimal value that is mentioned in the tutorial (9eA8) ie:
./pattern_offset.rb -q 9eA8
I get this output:
[*] No exact matches, looking for likely candidates...
Interestingly if I reverse the order of the bytes, ie:
./pattern_offset.rb -q 8Ae9
I get the correct offset.
I assume this happens due to endian-ness shenanigans, (or possibly the way pattern_create.rb
works has been changed since the tutorial was written) but it would be cool if the tutorial was updated with the correct value :) I am happy to create a PR to fix this if you would like.
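The endianness point in the issue above, as an added example that is not part of the issue or of the dostackbufferoverflowgood project: a small re-implementation of the Metasploit pattern_create/pattern_offset logic showing why the value read from EIP (0x39654138) must be unpacked little-endian into the bytes as they sat in memory ("8Ae9") before searching the pattern, and why the big-endian string "9eA8" never matches. Function names and the 20280-byte default length are this example's own choices.

```python
import re
import string
import struct
from typing import Optional

# Metasploit's pattern_create.rb emits triples of upper-case, lower-case, digit,
# advancing the digit fastest: "Aa0Aa1...Aa9Ab0Ab1...". Full pattern is 26*26*10*3
# = 20280 characters before it repeats.
def msf_pattern(length: int = 20280) -> str:
    """Return the first `length` characters of the Metasploit cyclic pattern."""
    out = []
    for upper in string.ascii_uppercase:
        for lower in string.ascii_lowercase:
            for digit in string.digits:
                out.append(upper + lower + digit)
                if len(out) * 3 >= length:
                    return "".join(out)[:length]
    return "".join(out)[:length]


def register_bytes(hex_value: str) -> str:
    """Turn a 32-bit register value as shown by a debugger (e.g. "39654138")
    into the four characters that overwrote it, in memory (little-endian) order."""
    return struct.pack("<I", int(hex_value, 16)).decode("latin-1")


def pattern_offset(query: str, length: int = 20280) -> Optional[int]:
    """Mimic `pattern_offset.rb -q`: an 8-hex-digit query is treated as a register
    value and byte-swapped; anything else is searched as a literal string.
    Returns the offset into the pattern, or None when there is no exact match."""
    if re.fullmatch(r"(0x)?[0-9a-fA-F]{8}", query):
        needle = register_bytes(query)
    else:
        needle = query
    idx = msf_pattern(length).find(needle)
    return None if idx == -1 else idx


if __name__ == "__main__":
    # Constructed values taken from the issue: EIP = 0x39654138 after the overflow.
    print(register_bytes("39654138"))      # 8Ae9 (bytes as they sat on the stack)
    print(pattern_offset("39654138"))      # 146
    print(pattern_offset("8Ae9"))          # 146 (same bytes, already in memory order)
    print(pattern_offset("9eA8"))          # None: big-endian string never occurs
```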
The vcruntime dependency is not clearly explained
I have had a few reports of the vcruntime giving people grief.
See https://www.reddit.com/r/netsecstudents/comments/adl6px/issue_with_dostackbufferoverflowgoodexe_learning/ for example
The README and/or .md/PDF should make it clear how to resolve the vcruntime dependency, especially in the case of an x64 host OS. Furthermore, consider a FAQ entry explaining that an error 0x7b might be due to attempting to force an x64 vcruntime DLL upon the exe.
Margins
Love this tutorial and thank you so much for it. With that out of the way...
Why on God's green earth did you make the margins on the PDF so large? I use 2-page scrolling view for my big ol' monitors and your margins are literally insane.
I tried to produce a PDF from the markdown but it doesn't pull the images. Could you provide a PDF with no margins or very small margins?
Thank you :)
Question
Hey Justin,
Thanks for creating this amazing tutorial. I learned a lot!
I am trying to write the assembly instruction "sub esp,0x10" using the metasm_shell.rb you suggested but one of the hex numbers it outputs is a badchar for the binary. How can I replace the hex or how could I go around it?
I am trying to use a different opcode than 0x83.
Thank you!
Calc.exe
Does this PDF pop up calc, or have I been pwned before?