Friday, March 11, 2011

Simple Stack Based Buffer Overflow Tutorial for Vulnserver

I have just written a tutorial for writing an exploit for the first and simplest exploitable vulnerability in Vulnserver. As with previous Vulnserver-related articles, you can read it at the InfoSec Institute site.

Links below:
Part 1
Part 2
Part 3



  1. Thanks very much for the tutorials.

    I am currently trying to exploit the GTER command in vulnserver. I have worked out the egghunter part, i.e. did a short jump backwards in the 30 bytes of space after EIP, to land on the egghunter in the 150 bytes of space before the EIP. The egghunter tries to look for "R0cX", as per one of your tutorials.

    However, I am not sure if my shellcode is getting sent to memory correctly. At the end of my first buffer (the one with the egghunter and \xeb), I have tried appending "\x90" * 50, followed by "R0cX" + "R0cX" + shellcode. I have been unable to get this to work.

    I then used Alt-M in OllyDbg and manually scanned through all the shown memory locations, but am unable to find my shellcode.

    Would you be able to provide any advice or hints, please? Thanks!

  2. lol I found the location of my shellcode! (For anyone else looking for a hint, I had sent out the buffers in the wrong order.)

  3. Well done dearmo, I had faith that you would be able to work it out :p