Fuzzing | Null OWASP Mumbai | 2016 June

Upload: nullowaspmumbai

Posted on 16-Apr-2017

Page 1: Fuzzing | Null OWASP Mumbai | 2016 June

FUZZING

Page 2

WhoAmI

• Working with Payatu Technologies as Security Consultant.

• Trainer and Freelancer

• Web pentesting, VAPT and Android App Pentesting

Page 3

Agenda

• What we will cover – Fuzzing, Buffer Overflow (EIP Overwrite), Shellcode Execution, Ownage

• What we will do – EIP overwrite, which will allow us to gain control of program execution and redirect it to our shellcode

• How we will do it – Exploiting a stack-based buffer overflow in the Windows application MiniShare 1.4.1.

Page 4

Fuzzing

• Fuzzing is a process of sending deliberately malformed data to a program in order to generate failures or errors in the application.

• When performed by those in the software exploitation community, fuzzing usually focuses on discovering bugs that can be exploited to let an attacker run their own code, and it is used alongside binary and source code analysis.

• Fuzzing is one of the primary ways in which exploitable software bugs are discovered.

Page 5

Buffer Overflow

• A buffer overflow is a condition in which a program attempts to put more data in a buffer than it can hold, or attempts to put data in a memory area past a buffer.

• The general idea is that there is an application that accepts input from a user without any bounds checking. This allows us to overwrite the memory space "buffer" and hopefully overwrite the EIP register, which will allow us to redirect program execution to our shellcode.
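As an added illustration (not code from the slides or from MiniShare), the following C shows the unchecked copy pattern the last two slides describe next to a bounds-checked form, and a minimal length-escalation fuzzer of the kind the Fuzzing slide talks about, pointed at the checked handler to confirm that every oversized request is refused. The buffer size NAME_MAX, the function names and the filler input are assumptions made for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical fixed buffer size for the illustration (assumption). */
#define NAME_MAX 64

/* "Before" form of the bug the slide describes: input is copied into a
 * fixed-size stack buffer with no bounds check, so a request longer than
 * NAME_MAX-1 bytes writes past the buffer into the rest of the stack frame
 * (where the saved return address, i.e. the future EIP value, lives).
 * Kept only for comparison; it must never be given oversized input, since
 * that is undefined behaviour. */
int handle_request_unchecked(const char *request) {
    char name[NAME_MAX];
    strcpy(name, request);            /* no length check: the defect */
    return (int)strlen(name);
}

/* Hardened form: establish the length first and refuse anything that
 * would not fit, so the copy can never run past the buffer.
 * Returns the accepted length, or -1 when the request is rejected. */
int handle_request_checked(const char *request) {
    char name[NAME_MAX];
    const char *nul = memchr(request, '\0', NAME_MAX);
    if (nul == NULL) {
        return -1;                     /* no terminator within capacity: would overflow */
    }
    size_t len = (size_t)(nul - request);
    memcpy(name, request, len + 1);    /* len + 1 <= NAME_MAX, terminator included */
    return (int)len;
}

/* Minimal length-escalation fuzzer: builds requests of growing size filled
 * with a single byte (constructed input) and counts how many the handler
 * rejects. Only ever point it at a handler that checks its bounds. */
int fuzz_lengths(int (*handler)(const char *), size_t max_len, size_t step) {
    char *buf = malloc(max_len + 1);
    if (buf == NULL || step == 0) {
        free(buf);
        return -1;
    }
    int rejected = 0;
    for (size_t n = step; n <= max_len; n += step) {
        memset(buf, 'A', n);           /* constructed filler request of length n */
        buf[n] = '\0';
        if (handler(buf) < 0) {
            rejected++;
        }
    }
    free(buf);
    return rejected;
}

int main(void) {
    printf("short request accepted, length %d\n",
           handle_request_checked("GET /index.html"));
    printf("rejected %d of 16 escalating requests (those with length >= %d)\n",
           fuzz_lengths(handle_request_checked, 256, 16), NAME_MAX);
    return 0;
}
```

The fuzzer is the same idea as the slide's "send deliberately malformed data and watch for failures", applied as a robustness test: with the checked handler every request of NAME_MAX bytes or more comes back as rejected rather than as a crash, which is the behaviour a defender wants to see before shipping.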

Page 6

Shellcode

• A shellcode is a small piece of code used as the payload in the exploitation of a software vulnerability.

• It is called "shellcode" because it typically starts a command shell from which the attacker can control the compromised machine.

• Shellcode can either be local or remote. In our case, it is local and not remote.

Page 7

System Requirements

1. VM platform (VirtualBox, VMware, etc.)

2. Have a Windows 32-bit XP VM and a Kali Linux VM

3. OllyDbg Debugger.

4. MiniShare 1.4.1 – http://sites.google.com/site/lupingreycorner/minishare-1.4.1.zip

Page 8

Assembly Basics

• Assembly language is considered a low-level language that is a human-readable version of a computer architecture's instruction set.

• Since we cannot learn assembly within a day, just remember:

1) Instruction Pointer: EIP – Register that contains the memory address of the next instruction to be executed by the program. EIP tells the CPU what to do next.

2) Stack Pointer: ESP – Register pointing to the top of the stack at any time.

Page 9

DEMO

• Fuzz MiniShare.

• Crash it.

• Execute shellcode.

• Own the Windows system.