This repo explains in details about buffer overflow exploit development for windows executable.

Related tags

Security related resourcespythoneducationmsfvenom-payloadexploit-developmentspikingimmunitydebugger
Overview

Buffer Overflow Exploit Development For Beginner

Introduction

I am beginner in security community and as my fellow beginner, I spend some of my time at platform like Hackethebox and TryHackMe. I was working on a room called Brainpan which I found interesting since it involves reverse engineering windows executable and exploit it. I will focus on the windows execution reverse engineering and exploitation of the buffer overflow vulnerability.

As they say, "The best way to learn is to teach", I wrote this documentation for beginners in buffer overflow exploit development. Let have fun! ๐Ÿ˜ƒ ๐Ÿ˜ƒ ๐Ÿ˜ƒ

All the source code used in this documentation can be found in the resources folder, including the windows executable.

Table of Contents

Owner
cris_0xC0
cris_0xC0
GitHub Repository
A Feature Rich Modular Malware Configuration Extraction Utility for MalDuck

Malware Configuration Extractor A Malware Configuration Extraction Tool and Modules for MalDuck This project is FREE as in FREE ๐Ÿบ , use it commercial

c3rb3ru5 103 Dec 18, 2022
This tool was created in order to automate some basic OSINT tasks for penetration testing assingments.

This tool was created in order to automate some basic OSINT tasks for penetration testing assingments. The main feature that I haven't seen much anywhere is the downloadd google dork function where t

Tobias 5 May 31, 2022
Get related domains / subdomains by looking at Google Analytics IDs

DomainRelationShips โ–ˆโ–ˆโ•— โ–ˆโ–ˆโ•— โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ•— โ–ˆโ–ˆโ•—โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ•— โ–ˆโ–ˆโ•‘ โ–ˆโ–ˆโ•‘โ–ˆโ–ˆโ•”โ•โ•โ–ˆโ–ˆโ•— โ–ˆโ–ˆโ•‘โ–ˆโ–ˆโ•”โ•โ•โ–ˆโ–ˆโ•— โ–ˆโ–ˆโ•‘ โ–ˆโ–ˆโ•‘โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ

Josuรฉ Encinar 161 Jan 02, 2023
CVE-2021-22986 & F5 BIG-IP RCE

Vuln Impact This vulnerability allows for unauthenticated attackers with network access to the iControl REST interface, through the BIG-IP management

Al1ex 85 Dec 02, 2022
wsvuls - website vulnerability scanner detect issues [ outdated server software and insecure HTTP headers.]

WSVuls Website vulnerability scanner detect issues [ outdated server software and insecure HTTP headers.] What's WSVuls? WSVuls is a simple and powerf

Anouar Ben Saad 47 Sep 22, 2022
Argument Injection in Dragonfly Ruby Gem

CVE-2021-33564 PoC Exploit script for CVE-2021-33564 (Argument Injection in Dragonfly Ruby Gem). Usage Arbitrary File Read python3 poc.py -u https://

Michael Tsai 12 Nov 09, 2022
BloodyAD is an Active Directory Privilege Escalation Framework

BloodyAD Framework BloodyAD is an Active Directory Privilege Escalation Framework, it can be used manually using bloodyAD.py or automatically by combi

757 Jan 07, 2023
RCE 0-day for GhostScript 9.50 - Payload generator

RCE-0-day-for-GhostScript-9.50 PoC for RCE 0-day for GhostScript 9.50 - Payload generator The PoC in python generates payload when exploited for a 0-d

534 Dec 14, 2022
Send CVE information to the specified mailbox (from Github)

Send CVE information to the specified mailbox (from Github)

91 Nov 08, 2022
IDA plugin for quickly copying disassembly as encoded hex bytes

HexCopy IDA plugin for quickly copying disassembly as encoded hex bytes. This whole plugin just saves you two extra clicks... but if you are frequentl

OALabs 46 Oct 30, 2022
Collection Of Discord Hacking Tools / Fun Stuff / Exploits That Is Completely Made Using Python.

Venom Collection Of Discord Hacking Tools / Fun Stuff / Exploits That Is Completely Made Using Python. Report Bug ยท Request Feature Contributing Well,

PndaBoi 25 Dec 06, 2022
Growtopia Save.dat Stealer

savedat-stealer Growtopia Save.dat Stealer (Auto Send To Webhook) How To Use After Change Webhook URL Compile script to exe Give to target Done Info C

NumeX 9 May 01, 2022
This repository is one of a few malware collections on the GitHub.

This repository is one of a few malware collections on the GitHub.

Andrew 1.7k Dec 28, 2022
This project is all about building an amazing application that will help users manage their passwords and even generate new passwords for them

An amazing application that will help us manage our passwords and even generate new passwords for us.

1 Jan 23, 2022
A Python Scanner for log4j

log4j-Scanner scanner for log4j cat web-urls.txt | python3 log4j.py ID.burpcollaborator.net web-urls.txt http://127.0.0.1:8080 https://www.google.c

Ihebski 5 Jun 26, 2022
The best Python Backdoor๐Ÿ‘Œ

Backdoor The best Python Backdoor Files Server file is used in all of cases If client is Windows, the client need execute EXE file If client is Linux,

13 Oct 28, 2022
Chrome Post-Exploitation is a client-server Chrome exploit to remotely allow an attacker access to Chrome passwords, downloads, history, and more.

ChromePE [Linux/Windows] Chrome Post-Exploitation is a client-server Chrome exploit to remotely allow an attacker access to Chrome passwords, download

Finn Lancaster 3 Oct 05, 2022
test application for the licence key web app.

licence_software_test_app Make sure you set your database values in a .env file to the folder. Install MYSQL connector: pip install mysql-connector-py

Carl Beattie 1 Oct 28, 2021
A Modified version of TCC's Osprey poc framework......

fierce-fish fierce-fishๆ˜ฏ็”ฑTCC(ๆ–—่ฑก่ƒฝๅŠ›ไธญๅฟƒ)ๅ‡บๅ“ๅนถ็ปดๆŠค็š„ๅผ€ๆบๆผๆดžๆฃ€ๆต‹ๆก†ๆžถosprey็š„ๆ”นๅ†™๏ผŒๅŽปๆŽ‰่‡ƒ่‚ฟๅŠŸ่ƒฝ็š„็ฒพ็ฎ€็‰ˆๆœฌpocๆก†ๆžถ PS๏ผš็œŸ็š„็”จไธๆƒฏๅ…ถๅฎƒ่‡ƒ่‚ฟ็š„ๅŠŸ่ƒฝ๏ผŒไธ่ฟ‡ไฝœไธบไธ€ไธชๆ”ถ้›†ๆผๆดžpoc && exp็š„ๆก†ๆžถ่ฟ˜ๆ˜ฏ้žๅธธไธ้”™็š„๏ผ๏ผ๏ผ osprey For beginners fr

lUc1f3r11 10 Dec 30, 2022
POC of CVE-2021-26084, which is Atlassian Confluence Server OGNL Pre-Auth RCE Injection Vulneralibity.

CVE-2021-26084 Description POC of CVE-2021-26084, which is Atlassian Confluence Server OGNL(Object-Graph Navigation Language) Pre-Auth RCE Injection V

antx 9 Aug 31, 2022