Skip to content

A script I made to automate basic buffer overflow exploitation as much as possible

License

Notifications You must be signed in to change notification settings

LegendBegins/Overflow-Helper

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

23 Commits
 
 
 
 
 
 

Repository files navigation

This is a simple buffer overflow helper script I originally wrote to make the process faster for the OSCP.

This script automates initial overflow, offset discovery, bad character detection, and shellcode script generation. You just have to push a couple buttons and find the address of the instruction you want to jump to. And if if the exploitation process is more complex than that, it writes the shellcode script to a file for you to edit and fix all the non-trivialities (may be updated in the future to automate some non-trivialities). e.g. If you need to execute custom instructions (like modifying the stack pointer and jumping to it) before your shellcode, you're going to have to add that manually. If you use this on the OSCP exam, be careful. I don't consider it an automatic exploitation tool yet (though I may eventually create a fully-automated tool), but keep in mind that this is a helper script meant to take care of some of the more tedious processes for you behind the scenes. You still need to interact with your debugger and understand how these overflows work conceptually. Ensuring that information is clearly communicated in your report is your responsibility.


usage: BofHelper.py [-h] [-o FILE] [-b] [-p PREFIX] [-s SUFFIX] host port

positional arguments:

host           The host executing the vulnerable application (usually your debugger)

port           The port the application is running on


optional arguments:

-h, --help                              show this help message and exit

-o FILE, --output FILE           Write payload script to FILE

-b, --badchars                      Attempt to detect bad characters with your debugger of choice

-p PREFIX, --prefix PREFIX    Append a prefix to the beginning of your overflow string

-s SUFFIX, --suffix SUFFIX    Append a suffix to the end of your overflow string



Example: ./BofHelper.py -o exploit.py -b -p 'USER ' 127.0.0.1 9001

IMPORTANT:

If you use the bad character detection option, please ensure there are at least two spaces between the dump address and your actual memory, as well as between your memory and the ASCII representation. e.g.

0x012345678  14 15 16 17 18 19 20 21  ABCDEFGH

I may modify the regex in the future to make this more robust, but for the time being, you have to extend your dump output margins in some debuggers. Olly formats it correct by default.

Be sure to paste your data dump every time it asks because fixing a bad character could lead to new bad characters being discovered. In order to mitigate this, the script loops the detection process until all bad characters have been discovered.

Also, when generating your shellcode with venom, you HAVE to use the -f py option or it will fail to generate. This will be automated in the future (along with automatically adding the bad characters), but for right now, you have to pretend you're running the command directly in the console.



Example video coming soon!



FAQ:

Q: The bad character detection asks me to paste the dump more than once!

A: Because removing bad characters can reveal new ones, you have to paste the dump until it figures out that all bad characters have been removed.

Q: The script crashes when I generate a venom payload!

A: Make sure you're using -f py so the script can properly read the output.

Q: Can you make it detect JMP ESP for me?

A: Not without integrating it into a debugger (which I may make a version for in the future).



License TL;DR: Use this script wherever you want, however you want, but include a link to https://YouTube.com/LegendBegins whenever you distribute it. All my content is gaming related, but I figured this was as good a place as any to advertise.

About

A script I made to automate basic buffer overflow exploitation as much as possible

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages