The stack is known as Last-In-First-Out (LIFO). The stack is a space in memory for a program to store data temporarily – including functions, variables, and program control information. Therefore, let's take a brief look at the core parts of a 32-bit stack-based buffer overflow. I don't intend for this to be a deep, technical dive into exploit development and the internals of processors, registers, and debuggers. The view follows along with you as you step through the program. The bottom-left pane shows a complete hexadecimal dump of the application.This view changes as new contents are pushed onto and popped off of the stack. The bottom-right pane shows the current contents of the stack in memory.The top-right pane contains a view of the processor's registers.This program may have been developed in C, but the compiler further breaks the instructions down into a language the processor understands – assembly. The top-left pane contains the 32-bit assembly of the running program.This allows the operator to completely control and step through the program as desired. First, I want to point out that Immunity Debugger pauses the program when attaches. This view can seem intimidating at first, but I'll attempt a simple explanation of each tile. This is the default view when you attach a program to Immunity Debugger. Navigate to the folder containing vulnserver I've got Immunity Debugger installed and Vulnserver is downloaded. You can see here I've got the remote desktop from Kali to Windows 7 open. Visual C Redistributable for Visual Studio 2015.Runtime libraries for vulnerable apps (some programs might require this).Mona.py (Goes in C:\Program Files (x86)\Immunity Inc\Immunity Debugger\P圜ommands).Google Chrome (or any browser other than IE).Visual Studio Code (install the PowerShell extension).You can refer back to my other post here if you too would like to set up a vulnerable Windows 7 VM to practice your exploit development. This is where I'll be running the vulnerable application and debugger. From Kali, remote desktop to the Windows 7 64-bit VM.This is where I'll be creating the exploit. Referencing the diagram above, you can see that I am operating in the following conditions: I wanted to show the process being done with PowerShell. I specifically wanted to write this blog post, because most exploit development blogs are typically done with a vulnerable service and Python. That's why you should start with 32-bit applications first. You have to learn the basics before you can dive deep into a subject matter. That said, the learning environment, the techniques, and the skills learned are all stepping stones towards building more skills. The purpose of this setup is to be a learning environment and therefore, it is much less realistic than professional exploit development. I want to be very clear here that the vulnerable applications and the environment are setup in order to easy. One of the ways I've used my home lab to further my cybersecurity experience is in exploit development.
0 Comments
Leave a Reply. |