Windows Stack Based Auto Buffer Overflow Exploiter

Related tags

Security related resourcesautoflow
Overview

Autoflow - Windows Stack Based Auto Buffer Overflow Exploiter

Overflow

Autoflow is a tool that exploits windows stack based buffer overflow automatically.

By reducing human efforts, Autoflow works flawlessly and performs all the steps involved in a buffer overflow attack.

Autoflow works on Interative Command Line Inteface and simplies the whole attack process.

Its Highly Recommended that you should already know the process of manual buffer overflow attack.

Autoflow needs only these inputs to function :

  • IP Address of Target.
  • Port Number Where Vulnarable Application is Active.
  • Vulnarable Command
  • EIP Register Value (Only Asked During EIP Overwrite Phase)
  • Bad Characters
  • Your LHOST and LPORT whew you want to spawn the shell
  • JMP ESP Address

Meanwhile you will only have to provide inputs and the tool will perform all the tasks involved by itself.

The tool will ask you to perform small actions when needed.

Debugger is something that works on client side so the user needs to perform some tasks that are beyond the limits of this tool as of now.

Overall the idea behind building this tool is to perform the stack based buffer overflow attack in a small amount of time and without taking any hassle of manually performing everything.

Requirements

  • Kali Linux OS

  • msfvenom (Included with metasploit)

  • pattern_create.rb (Included with metasploit)

  • pattern_offset.rb (Included with metasploit)

  • netcat

  • python2.7 with socket, time, sys, subprocess, os modules.

  • Immunity Debbuger on client side

How To Install Autoflow ?

git clone https://github.com/etc5had0w/autoflow.git

cd autoflow/

chmod +rwx setup.sh

sudo ./setup.sh

How To Run Autoflow ?

run this command from your console from the autoflow folder :

./autoflow

Note : Make sure you execute Autoflow only from the Autoflow Folder.

Features

Autoflow performs these tasks automatically :

  • Fuzzing

  • Offset Matching

  • EIP Register Overwriting

  • Seding Intended Buffer for Bad Character Detection

  • Generating Payload For Reverse Shell

  • Sending Malicious Buffer to Spawn a Reverse Shell

How to use Autoflow :

Here is a small video tutorial for Autoflow :

AUTOFLOW DEMO

Owner
Himanshu Shukla
Trying to learn new things every day!
Himanshu Shukla
GitHub Repository
Js File Scanner This is Js File Scanner

Js File Scanner This is Js File Scanner . Which are scan in js file and find juicy information Toke,Password Etc.

122 Dec 12, 2022
Advanced subdomain scanner, any domain hidden subdomains

little advanced subdomain scanner made in python, works very quick and has options to change the port u want it to connect for

Nano 5 Nov 23, 2021
the swiss army knife in the hash field. fast, reliable and easy to use

hexxus Hexxus is a fast hash cracking tool which checks more than 30 thousand passwords in under 4 seconds and can crack the following types bcrypt sh

enigma146 17 Apr 05, 2022
A DOM-based G-Suite password sprayer and user enumerator

A DOM-based G-Suite password sprayer and user enumerator

Mayk 1 Apr 07, 2022
Execution After Redirect (EAR) / Long Response Redirection Vulnerability Scanner written in python3

Execution After Redirect (EAR) / Long Response Redirection Vulnerability Scanner written in python3, It Fuzzes All URLs of target website & then scan them for EAR

Pushpender Singh 9 Dec 12, 2022
Compilation of resources and insights that helped me on my journey to data scientist

Compilation of resources and insights that helped me on my journey to data scientist

Conor Dewey 1.5k Jan 02, 2023
Lite version of my Gatekeeper backdoor for public use.

Gatekeeper Lite Backdoor Fully functioning bind-type backdoor This backdoor is a fully functioning bind shell and lite version of my full functioning

Joe Helle 56 Mar 25, 2022
A small utility to deal with malware embedded hashes.

Uchihash is a small utility that can save malware analysts the time of dealing with embedded hash values used for various things such as: Dyn

Abdallah Elshinbary 48 Dec 19, 2022
Subdomain enumeration,Web scraping and finding usernames automation script written in python

Subdomain enumeration,Web scraping and finding usernames automation script written in python

Syam 12 Nov 22, 2022
A great and handy python obfuscator for protecting code.

Python Code Obfuscator A handy and necessary tool that can protect your code anytime! Mostly Command Line tool that will obfuscate your code. Features

Karim 5 Nov 18, 2022
FBGen is simple facebook user based wordlist generator using Username/ID and cookie.

FBGen is simple facebook user based wordlist generator using Username/ID and cookie.

2 Jul 20, 2022
Searches for potentially vulnerable websites to local file inclusion, throughout the web and then exploits them for LFI

LFI-Hunter Searches for potentially vulnerable websites to local file inclusion, throughout the web and then exploits them for LFI A script written in

Anukul Pandey 6 Jan 30, 2022
A simple password generator using Python Tkinter.

Password-Generator-using-Python A simple password generator that generates password for you. User can Copy the password to Clipboard. Project made usi

Prashant Agheda 1 Nov 02, 2022
Bandit is a tool designed to find common security issues in Python code.

A security linter from PyCQA Free software: Apache license Documentation: https://bandit.readthedocs.io/en/latest/ Source: https://github.com/PyCQA/ba

Python Code Quality Authority 4.8k Dec 31, 2022
This project is all about building an amazing application that will help users manage their passwords and even generate new passwords for them

An amazing application that will help us manage our passwords and even generate new passwords for us.

1 Jan 23, 2022
A Python script that can be used to check if a SAP system is affected by CVE-2022-22536

Vulnerability assessment for CVE-2022-22536 This repository contains a Python script that can be used to check if a SAP system is affected by CVE-2022

Onapsis Inc. 42 Dec 01, 2022
A proxy server application written in python for trial purposes

python-proxy-server This is a proxy server ❤️ application written in python ❤️ for trial purposes. The purpose of the application; Connecting to Hacke

Ali Kasimoglu 2 Dec 27, 2021
Malware arcane - Scripts and notes on my malware analysis journey

Malware Arcane Repository of notes and scripts I use when doing malware analysis

9 Jun 01, 2022
Community Repository for Unofficial Saltbox Add-ons

Saltbox Sandbox Repo Community Repository for Unofficial Saltbox Add-ons Requirements Saltbox Documentation Undetermined Roles List of roles can be fo

Salty Organization 31 Dec 19, 2022
Proof of concept of CVE-2022-21907 Double Free in http.sys driver, triggering a kernel crash on IIS servers

CVE-2022-21907 - Double Free in http.sys driver Summary An unauthenticated attacker can send an HTTP request with an "Accept-Encoding" HTTP request he

Podalirius 71 Dec 22, 2022