Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
SlideShare a Scribd company logo

Fuzzing | Null OWASP Mumbai | 2016 June

Download as PPTX, PDF
N
nullowaspmumbai

Fuzzing(Stack Overflow - Shellcode execution - Exploit Developement) All files https://drive.google.com/file/d/0B-eDrIpjhphDdS1BN2tjT0VaVUk/view?usp=sharing

1 of 10
FUZZING
WhoAmI  Working with Payatu Technologies as Security Consultant.  Trainer and Freelancer  Webpentesting, VAPT and Android App Pentesting
Agenda • What we will cover - Fuzzing  Buffer Overflow(EIP Overwrite)  ShellCode Execution  Ownage • What we will do - EIP overwrite, which will allow us to gain control of program execution and redirect it to our shellcode • How we will do – Exploiting stack based buffer overflow in the Windows application MiniShare 1.4.1.
Fuzzing • Fuzzing is a process of sending deliberately malformed data to a program in order to generate failures, or errors in the application. • When performed by those in the software exploitation community, fuzzing usually focuses on discovery of bugs that can be exploited to allow an attacker to run their own code, and along with binary and source code analysis. • Fuzzing is one of the primary ways in which exploitable software bugs are discovered.
BufferOverflow • A buffer overflow is a condition when a program attempts to put more data in a buffer than it can hold or when a program attempts to put data in a memory area past a buffer. • The general idea is there is an application that accepts input from a user without any bounds checking. This allows us to overwrite the memory space “buffer” and hopefully overwrite the EIP register which will allows us to redirect program execution to our shellcode.
Shellcode • A shellcode is a small piece of code used as the payload in the exploitation of a software vulnerability. • It is called "shellcode" because it typically starts a command shell from which the attacker can control the compromised machine. • Shellcode can either be local or remote. In our case, it is local and not remote.
System Requirement 1. VM platform (Virtualbox, VMware, etc.) 2. Have a Windows 32-bit XP VM and a Kali Linux VM 3. OllyDbg Debugger. 4. Minishare 1.4.1 - http://sites.google.com/site/lupingreycorner/minishare-1.4.1.zip
Assembly Basics • Assembly language is considered a low level language that is a human readable version of a computer’s architecture instruction set. • Since we cannot learn assembly within a day just remember – 1) Instruction Pointer: EIP – Register that contains the memory address of the next instruction to be executed by the program. EIP tells the CPU what to do next. 2) Stack Pointer: ESP – Register pointing to the top of the stack at any time
DEMO • Fuzz Minishare • Crash it. • Execute Shellcode. • Own windows system.
References • http://www.thegreycorner.com/2010/01/beginning-stack-based- buffer-overflow.html • http://www.primalsecurity.net/0x0-exploit-tutorial-buffer-overflow- vanilla-eip-overwrite-2/ • http://resources.infosecinstitute.com/author/lupin/

More Related Content

What's hot

NIframer - CPanel IFrame Injector (Bash based) - Virus Bulletin Magazine
NIframer - CPanel IFrame Injector (Bash based) - Virus Bulletin MagazineNIframer - CPanel IFrame Injector (Bash based) - Virus Bulletin Magazine
NIframer - CPanel IFrame Injector (Bash based) - Virus Bulletin Magazine
Aditya K Sood
 
Introduction to Dynamic Analysis of Android Application
Introduction to Dynamic Analysis of Android ApplicationIntroduction to Dynamic Analysis of Android Application
Introduction to Dynamic Analysis of Android Application
Kelwin Yang
 
iOS Application Pentesting
iOS Application PentestingiOS Application Pentesting
iOS Application Pentesting
n|u - The Open Security Community
 
Continuous Integration: Live Static Analysis with Puma Scan
Continuous Integration: Live Static Analysis with Puma ScanContinuous Integration: Live Static Analysis with Puma Scan
Continuous Integration: Live Static Analysis with Puma Scan
Cypress Data Defense
 
BlueHat v18 || Linear time shellcode detection using state machines and opera...
BlueHat v18 || Linear time shellcode detection using state machines and opera...BlueHat v18 || Linear time shellcode detection using state machines and opera...
BlueHat v18 || Linear time shellcode detection using state machines and opera...
BlueHat Security Conference
 
Making Enterprise-Ready Plugins - Kaj Kandler JUC West 2015
Making Enterprise-Ready Plugins - Kaj Kandler JUC West 2015Making Enterprise-Ready Plugins - Kaj Kandler JUC West 2015
Making Enterprise-Ready Plugins - Kaj Kandler JUC West 2015
Black Duck by Synopsys
 
iOS Application Penetration Testing for Beginners
iOS Application Penetration Testing for BeginnersiOS Application Penetration Testing for Beginners
iOS Application Penetration Testing for Beginners
RyanISI
 
Pentesting iOS Apps
Pentesting iOS AppsPentesting iOS Apps
Pentesting iOS Apps
Herman Duarte
 
CNIT 128: 3. Attacking iOS Applications (Part 2)
CNIT 128: 3. Attacking iOS Applications (Part 2)CNIT 128: 3. Attacking iOS Applications (Part 2)
CNIT 128: 3. Attacking iOS Applications (Part 2)
Sam Bowne
 
Learning by hacking - android application hacking tutorial
Learning by hacking - android application hacking tutorialLearning by hacking - android application hacking tutorial
Learning by hacking - android application hacking tutorial
Landice Fu
 
Mobile security part 2
Mobile security part 2Mobile security part 2
Mobile security part 2
Romansh Yadav
 
A great clash of symbols
A great clash of symbolsA great clash of symbols
A great clash of symbols
Greg Sohl
 
Anti-Virus Evasion Techniques and Countermeasures
Anti-Virus Evasion Techniques and CountermeasuresAnti-Virus Evasion Techniques and Countermeasures
Anti-Virus Evasion Techniques and Countermeasures
n|u - The Open Security Community
 
CNIT 128 7. Attacking Android Applications (Part 1)
CNIT 128 7. Attacking Android Applications (Part 1)CNIT 128 7. Attacking Android Applications (Part 1)
CNIT 128 7. Attacking Android Applications (Part 1)
Sam Bowne
 
CNIT 128 6. Analyzing Android Applications (Part 3 of 3)
CNIT 128 6. Analyzing Android Applications (Part 3 of 3)CNIT 128 6. Analyzing Android Applications (Part 3 of 3)
CNIT 128 6. Analyzing Android Applications (Part 3 of 3)
Sam Bowne
 
CNIT 128 7. Attacking Android Applications (Part 3)
CNIT 128 7. Attacking Android Applications (Part 3)CNIT 128 7. Attacking Android Applications (Part 3)
CNIT 128 7. Attacking Android Applications (Part 3)
Sam Bowne
 
Buffer Overflow Attacks
Buffer Overflow AttacksBuffer Overflow Attacks
Buffer Overflow Attacks
securityxploded
 
The Future of Security and Productivity in Our Newly Remote World
The Future of Security and Productivity in Our Newly Remote WorldThe Future of Security and Productivity in Our Newly Remote World
The Future of Security and Productivity in Our Newly Remote World
DevOps.com
 
CNIT 128 7. Attacking Android Applications (Part 3)
CNIT 128 7. Attacking Android Applications (Part 3)CNIT 128 7. Attacking Android Applications (Part 3)
CNIT 128 7. Attacking Android Applications (Part 3)
Sam Bowne
 
CNIT 128 7. Attacking Android Applications (Part 2)
CNIT 128 7. Attacking Android Applications (Part 2)CNIT 128 7. Attacking Android Applications (Part 2)
CNIT 128 7. Attacking Android Applications (Part 2)
Sam Bowne
 

What's hot (20)

NIframer - CPanel IFrame Injector (Bash based) - Virus Bulletin Magazine
NIframer - CPanel IFrame Injector (Bash based) - Virus Bulletin MagazineNIframer - CPanel IFrame Injector (Bash based) - Virus Bulletin Magazine
NIframer - CPanel IFrame Injector (Bash based) - Virus Bulletin Magazine
 
Introduction to Dynamic Analysis of Android Application
Introduction to Dynamic Analysis of Android ApplicationIntroduction to Dynamic Analysis of Android Application
Introduction to Dynamic Analysis of Android Application
 
iOS Application Pentesting
iOS Application PentestingiOS Application Pentesting
iOS Application Pentesting
 
Continuous Integration: Live Static Analysis with Puma Scan
Continuous Integration: Live Static Analysis with Puma ScanContinuous Integration: Live Static Analysis with Puma Scan
Continuous Integration: Live Static Analysis with Puma Scan
 
BlueHat v18 || Linear time shellcode detection using state machines and opera...
BlueHat v18 || Linear time shellcode detection using state machines and opera...BlueHat v18 || Linear time shellcode detection using state machines and opera...
BlueHat v18 || Linear time shellcode detection using state machines and opera...
 
Making Enterprise-Ready Plugins - Kaj Kandler JUC West 2015
Making Enterprise-Ready Plugins - Kaj Kandler JUC West 2015Making Enterprise-Ready Plugins - Kaj Kandler JUC West 2015
Making Enterprise-Ready Plugins - Kaj Kandler JUC West 2015
 
iOS Application Penetration Testing for Beginners
iOS Application Penetration Testing for BeginnersiOS Application Penetration Testing for Beginners
iOS Application Penetration Testing for Beginners
 
Pentesting iOS Apps
Pentesting iOS AppsPentesting iOS Apps
Pentesting iOS Apps
 
CNIT 128: 3. Attacking iOS Applications (Part 2)
CNIT 128: 3. Attacking iOS Applications (Part 2)CNIT 128: 3. Attacking iOS Applications (Part 2)
CNIT 128: 3. Attacking iOS Applications (Part 2)
 
Learning by hacking - android application hacking tutorial
Learning by hacking - android application hacking tutorialLearning by hacking - android application hacking tutorial
Learning by hacking - android application hacking tutorial
 
Mobile security part 2
Mobile security part 2Mobile security part 2
Mobile security part 2
 
A great clash of symbols
A great clash of symbolsA great clash of symbols
A great clash of symbols
 
Anti-Virus Evasion Techniques and Countermeasures
Anti-Virus Evasion Techniques and CountermeasuresAnti-Virus Evasion Techniques and Countermeasures
Anti-Virus Evasion Techniques and Countermeasures
 
CNIT 128 7. Attacking Android Applications (Part 1)
CNIT 128 7. Attacking Android Applications (Part 1)CNIT 128 7. Attacking Android Applications (Part 1)
CNIT 128 7. Attacking Android Applications (Part 1)
 
CNIT 128 6. Analyzing Android Applications (Part 3 of 3)
CNIT 128 6. Analyzing Android Applications (Part 3 of 3)CNIT 128 6. Analyzing Android Applications (Part 3 of 3)
CNIT 128 6. Analyzing Android Applications (Part 3 of 3)
 
CNIT 128 7. Attacking Android Applications (Part 3)
CNIT 128 7. Attacking Android Applications (Part 3)CNIT 128 7. Attacking Android Applications (Part 3)
CNIT 128 7. Attacking Android Applications (Part 3)
 
Buffer Overflow Attacks
Buffer Overflow AttacksBuffer Overflow Attacks
Buffer Overflow Attacks
 
The Future of Security and Productivity in Our Newly Remote World
The Future of Security and Productivity in Our Newly Remote WorldThe Future of Security and Productivity in Our Newly Remote World
The Future of Security and Productivity in Our Newly Remote World
 
CNIT 128 7. Attacking Android Applications (Part 3)
CNIT 128 7. Attacking Android Applications (Part 3)CNIT 128 7. Attacking Android Applications (Part 3)
CNIT 128 7. Attacking Android Applications (Part 3)
 
CNIT 128 7. Attacking Android Applications (Part 2)
CNIT 128 7. Attacking Android Applications (Part 2)CNIT 128 7. Attacking Android Applications (Part 2)
CNIT 128 7. Attacking Android Applications (Part 2)
 

Viewers also liked

Higher Level Malware
Higher Level MalwareHigher Level Malware
Higher Level Malware
CTruncer
 
Bug Hunting Safari
Bug Hunting SafariBug Hunting Safari
Bug Hunting Safari
Janie Clayton
 
Design and implementation_of_shellcodes
Design and implementation_of_shellcodesDesign and implementation_of_shellcodes
Design and implementation_of_shellcodes
Amr Ali
 
Efficient Bytecode Analysis: Linespeed Shellcode Detection
Efficient Bytecode Analysis: Linespeed Shellcode DetectionEfficient Bytecode Analysis: Linespeed Shellcode Detection
Efficient Bytecode Analysis: Linespeed Shellcode Detection
Georg Wicherski
 
Linux Shellcode disassembling
Linux Shellcode disassemblingLinux Shellcode disassembling
Linux Shellcode disassembling
Harsh Daftary
 
Anatomy of A Shell Code, Reverse engineering
Anatomy of A Shell Code, Reverse engineeringAnatomy of A Shell Code, Reverse engineering
Anatomy of A Shell Code, Reverse engineering
Abhineet Ayan
 
07 - Bypassing ASLR, or why X^W matters
07 - Bypassing ASLR, or why X^W matters07 - Bypassing ASLR, or why X^W matters
07 - Bypassing ASLR, or why X^W matters
Alexandre Moneger
 
Java Shellcode Execution
Java Shellcode ExecutionJava Shellcode Execution
Java Shellcode Execution
Ryan Wincey
 
Shellcode and heapspray detection in phoneyc
Shellcode and heapspray detection in phoneycShellcode and heapspray detection in phoneyc
Shellcode and heapspray detection in phoneyc
Z Chen
 
05 - Bypassing DEP, or why ASLR matters
05 - Bypassing DEP, or why ASLR matters05 - Bypassing DEP, or why ASLR matters
05 - Bypassing DEP, or why ASLR matters
Alexandre Moneger
 
Exploit Research and Development Megaprimer: Unicode Based Exploit Development
Exploit Research and Development Megaprimer: Unicode Based Exploit DevelopmentExploit Research and Development Megaprimer: Unicode Based Exploit Development
Exploit Research and Development Megaprimer: Unicode Based Exploit Development
Ajin Abraham
 
Rooting Your Internals: Inter-Protocol Exploitation, custom shellcode and BeEF
Rooting Your Internals: Inter-Protocol Exploitation, custom shellcode and BeEF Rooting Your Internals: Inter-Protocol Exploitation, custom shellcode and BeEF
Rooting Your Internals: Inter-Protocol Exploitation, custom shellcode and BeEF
Michele Orru
 
Talking about exploit writing
Talking about exploit writingTalking about exploit writing
Talking about exploit writing
sbha0909
 
Anton Dorfman. Shellcode Mastering.
Anton Dorfman. Shellcode Mastering.Anton Dorfman. Shellcode Mastering.
Anton Dorfman. Shellcode Mastering.
Positive Hack Days
 
Patching Windows Executables with the Backdoor Factory | DerbyCon 2013
Patching Windows Executables with the Backdoor Factory | DerbyCon 2013Patching Windows Executables with the Backdoor Factory | DerbyCon 2013
Patching Windows Executables with the Backdoor Factory | DerbyCon 2013
midnite_runr
 
Shellcode Analysis - Basic and Concept
Shellcode Analysis - Basic and ConceptShellcode Analysis - Basic and Concept
Shellcode Analysis - Basic and Concept
Julia Yu-Chin Cheng
 
Hacking school computers for fun profit and better grades short
Hacking school computers for fun profit and better grades shortHacking school computers for fun profit and better grades short
Hacking school computers for fun profit and better grades short
Vincent Ohprecio
 
Exploit Research and Development Megaprimer: Win32 Egghunter
Exploit Research and Development Megaprimer: Win32 EgghunterExploit Research and Development Megaprimer: Win32 Egghunter
Exploit Research and Development Megaprimer: Win32 Egghunter
Ajin Abraham
 
D1T3-Anto-Joseph-Droid-FF
D1T3-Anto-Joseph-Droid-FFD1T3-Anto-Joseph-Droid-FF
D1T3-Anto-Joseph-Droid-FF
Anthony Jose
 
Null mumbai-iot-workshop
Null mumbai-iot-workshopNull mumbai-iot-workshop
Null mumbai-iot-workshop
Nitesh Malviya
 

Viewers also liked (20)

Higher Level Malware
Higher Level MalwareHigher Level Malware
Higher Level Malware
 
Bug Hunting Safari
Bug Hunting SafariBug Hunting Safari
Bug Hunting Safari
 
Design and implementation_of_shellcodes
Design and implementation_of_shellcodesDesign and implementation_of_shellcodes
Design and implementation_of_shellcodes
 
Efficient Bytecode Analysis: Linespeed Shellcode Detection
Efficient Bytecode Analysis: Linespeed Shellcode DetectionEfficient Bytecode Analysis: Linespeed Shellcode Detection
Efficient Bytecode Analysis: Linespeed Shellcode Detection
 
Linux Shellcode disassembling
Linux Shellcode disassemblingLinux Shellcode disassembling
Linux Shellcode disassembling
 
Anatomy of A Shell Code, Reverse engineering
Anatomy of A Shell Code, Reverse engineeringAnatomy of A Shell Code, Reverse engineering
Anatomy of A Shell Code, Reverse engineering
 
07 - Bypassing ASLR, or why X^W matters
07 - Bypassing ASLR, or why X^W matters07 - Bypassing ASLR, or why X^W matters
07 - Bypassing ASLR, or why X^W matters
 
Java Shellcode Execution
Java Shellcode ExecutionJava Shellcode Execution
Java Shellcode Execution
 
Shellcode and heapspray detection in phoneyc
Shellcode and heapspray detection in phoneycShellcode and heapspray detection in phoneyc
Shellcode and heapspray detection in phoneyc
 
05 - Bypassing DEP, or why ASLR matters
05 - Bypassing DEP, or why ASLR matters05 - Bypassing DEP, or why ASLR matters
05 - Bypassing DEP, or why ASLR matters
 
Exploit Research and Development Megaprimer: Unicode Based Exploit Development
Exploit Research and Development Megaprimer: Unicode Based Exploit DevelopmentExploit Research and Development Megaprimer: Unicode Based Exploit Development
Exploit Research and Development Megaprimer: Unicode Based Exploit Development
 
Rooting Your Internals: Inter-Protocol Exploitation, custom shellcode and BeEF
Rooting Your Internals: Inter-Protocol Exploitation, custom shellcode and BeEF Rooting Your Internals: Inter-Protocol Exploitation, custom shellcode and BeEF
Rooting Your Internals: Inter-Protocol Exploitation, custom shellcode and BeEF
 
Talking about exploit writing
Talking about exploit writingTalking about exploit writing
Talking about exploit writing
 
Anton Dorfman. Shellcode Mastering.
Anton Dorfman. Shellcode Mastering.Anton Dorfman. Shellcode Mastering.
Anton Dorfman. Shellcode Mastering.
 
Patching Windows Executables with the Backdoor Factory | DerbyCon 2013
Patching Windows Executables with the Backdoor Factory | DerbyCon 2013Patching Windows Executables with the Backdoor Factory | DerbyCon 2013
Patching Windows Executables with the Backdoor Factory | DerbyCon 2013
 
Shellcode Analysis - Basic and Concept
Shellcode Analysis - Basic and ConceptShellcode Analysis - Basic and Concept
Shellcode Analysis - Basic and Concept
 
Hacking school computers for fun profit and better grades short
Hacking school computers for fun profit and better grades shortHacking school computers for fun profit and better grades short
Hacking school computers for fun profit and better grades short
 
Exploit Research and Development Megaprimer: Win32 Egghunter
Exploit Research and Development Megaprimer: Win32 EgghunterExploit Research and Development Megaprimer: Win32 Egghunter
Exploit Research and Development Megaprimer: Win32 Egghunter
 
D1T3-Anto-Joseph-Droid-FF
D1T3-Anto-Joseph-Droid-FFD1T3-Anto-Joseph-Droid-FF
D1T3-Anto-Joseph-Droid-FF
 
Null mumbai-iot-workshop
Null mumbai-iot-workshopNull mumbai-iot-workshop
Null mumbai-iot-workshop
 

Similar to Fuzzing | Null OWASP Mumbai | 2016 June

Buffer overflow explained
Buffer overflow explainedBuffer overflow explained
Buffer overflow explained
Teja Babu
 
AV Evasion with the Veil Framework
AV Evasion with the Veil FrameworkAV Evasion with the Veil Framework
AV Evasion with the Veil Framework
VeilFramework
 
Introduction to Python Programming
Introduction to Python ProgrammingIntroduction to Python Programming
Introduction to Python Programming
Akhil Kaushik
 
Compilers and interpreters
Compilers and interpretersCompilers and interpreters
Compilers and interpreters
RAJU KATHI
 
Bypass_AV-EDR.pdf
Bypass_AV-EDR.pdfBypass_AV-EDR.pdf
Bypass_AV-EDR.pdf
Farouk2nd
 
E.s unit 6
E.s unit 6E.s unit 6
E.s unit 6
Sneha Chopra
 
Anatomy of PHP Shells
Anatomy of PHP ShellsAnatomy of PHP Shells
Anatomy of PHP Shells
Vedran Krivokuca
 
Advanced Arm Exploitation
Advanced Arm ExploitationAdvanced Arm Exploitation
Advanced Arm Exploitation
Himanshu Khokhar Jaat
 
Reversing malware analysis training part10 exploit development basics
Reversing malware analysis training part10 exploit development basicsReversing malware analysis training part10 exploit development basics
Reversing malware analysis training part10 exploit development basics
Cysinfo Cyber Security Community
 
Cyber attacks 101
Cyber attacks 101Cyber attacks 101
Cyber attacks 101
Rafel Ivgi
 
Shell scrpting(payal harne)
Shell scrpting(payal harne)Shell scrpting(payal harne)
Shell scrpting(payal harne)
PayalHarne
 
Fuzzing Linux Kernel
Fuzzing Linux KernelFuzzing Linux Kernel
Fuzzing Linux Kernel
Piyush Mishra
 
Introduction to system programming
Introduction to system programmingIntroduction to system programming
Introduction to system programming
sonalikharade3
 
Chapter 1: Introduction to Command Line
Chapter 1: Introduction to Command LineChapter 1: Introduction to Command Line
Chapter 1: Introduction to Command Line
azzamhadeel89
 
report
reportreport
report
Diptika Shukla
 
Developing for Industrial IoT with Linux OS on DragonBoard™ 410c: Session 4
Developing for Industrial IoT with Linux OS on DragonBoard™ 410c: Session 4Developing for Industrial IoT with Linux OS on DragonBoard™ 410c: Session 4
Developing for Industrial IoT with Linux OS on DragonBoard™ 410c: Session 4
Qualcomm Developer Network
 
Introduction to programming
Introduction to programmingIntroduction to programming
Introduction to programming
Gwyneth Calica
 
Chapter 1: Introduction to Command Line
Chapter 1: Introduction to Command LineChapter 1: Introduction to Command Line
Chapter 1: Introduction to Command Line
azzamhadeel89
 
Dll injection
Dll injectionDll injection
Dll injection
KarlFrank99
 
soctool.pdf
soctool.pdfsoctool.pdf
soctool.pdf
nitinscribd
 

Similar to Fuzzing | Null OWASP Mumbai | 2016 June (20)

Buffer overflow explained
Buffer overflow explainedBuffer overflow explained
Buffer overflow explained
 
AV Evasion with the Veil Framework
AV Evasion with the Veil FrameworkAV Evasion with the Veil Framework
AV Evasion with the Veil Framework
 
Introduction to Python Programming
Introduction to Python ProgrammingIntroduction to Python Programming
Introduction to Python Programming
 
Compilers and interpreters
Compilers and interpretersCompilers and interpreters
Compilers and interpreters
 
Bypass_AV-EDR.pdf
Bypass_AV-EDR.pdfBypass_AV-EDR.pdf
Bypass_AV-EDR.pdf
 
E.s unit 6
E.s unit 6E.s unit 6
E.s unit 6
 
Anatomy of PHP Shells
Anatomy of PHP ShellsAnatomy of PHP Shells
Anatomy of PHP Shells
 
Advanced Arm Exploitation
Advanced Arm ExploitationAdvanced Arm Exploitation
Advanced Arm Exploitation
 
Reversing malware analysis training part10 exploit development basics
Reversing malware analysis training part10 exploit development basicsReversing malware analysis training part10 exploit development basics
Reversing malware analysis training part10 exploit development basics
 
Cyber attacks 101
Cyber attacks 101Cyber attacks 101
Cyber attacks 101
 
Shell scrpting(payal harne)
Shell scrpting(payal harne)Shell scrpting(payal harne)
Shell scrpting(payal harne)
 
Fuzzing Linux Kernel
Fuzzing Linux KernelFuzzing Linux Kernel
Fuzzing Linux Kernel
 
Introduction to system programming
Introduction to system programmingIntroduction to system programming
Introduction to system programming
 
Chapter 1: Introduction to Command Line
Chapter 1: Introduction to Command LineChapter 1: Introduction to Command Line
Chapter 1: Introduction to Command Line
 
report
reportreport
report
 
Developing for Industrial IoT with Linux OS on DragonBoard™ 410c: Session 4
Developing for Industrial IoT with Linux OS on DragonBoard™ 410c: Session 4Developing for Industrial IoT with Linux OS on DragonBoard™ 410c: Session 4
Developing for Industrial IoT with Linux OS on DragonBoard™ 410c: Session 4
 
Introduction to programming
Introduction to programmingIntroduction to programming
Introduction to programming
 
Chapter 1: Introduction to Command Line
Chapter 1: Introduction to Command LineChapter 1: Introduction to Command Line
Chapter 1: Introduction to Command Line
 
Dll injection
Dll injectionDll injection
Dll injection
 
soctool.pdf
soctool.pdfsoctool.pdf
soctool.pdf
 

More from nullowaspmumbai

Xxe
XxeXxe
Xxe
nullowaspmumbai
 
ELK in Security Analytics
ELK in Security Analytics ELK in Security Analytics
ELK in Security Analytics
nullowaspmumbai
 
Switch security
Switch securitySwitch security
Switch security
nullowaspmumbai
 
Radio hacking - Part 1
Radio hacking - Part 1 Radio hacking - Part 1
Radio hacking - Part 1
nullowaspmumbai
 
How I got my First CVE
How I got my First CVE How I got my First CVE
How I got my First CVE
nullowaspmumbai
 
Power forensics
Power forensicsPower forensics
Power forensics
nullowaspmumbai
 
Infrastructure security & Incident Management
Infrastructure security & Incident Management Infrastructure security & Incident Management
Infrastructure security & Incident Management
nullowaspmumbai
 
Middleware hacking
Middleware hackingMiddleware hacking
Middleware hacking
nullowaspmumbai
 
Internet censorship circumvention techniques
Internet censorship circumvention techniquesInternet censorship circumvention techniques
Internet censorship circumvention techniques
nullowaspmumbai
 
How i got my first cve
How i got my first cveHow i got my first cve
How i got my first cve
nullowaspmumbai
 
Adversarial machine learning updated
Adversarial machine learning updatedAdversarial machine learning updated
Adversarial machine learning updated
nullowaspmumbai
 
Commix
Commix Commix
Commix
nullowaspmumbai
 
Adversarial machine learning
Adversarial machine learning Adversarial machine learning
Adversarial machine learning
nullowaspmumbai
 
Dll Hijacking
Dll Hijacking Dll Hijacking
Dll Hijacking
nullowaspmumbai
 
Abusing Target
Abusing Target Abusing Target
Abusing Target
nullowaspmumbai
 
NTFS Forensics
NTFS Forensics NTFS Forensics
NTFS Forensics
nullowaspmumbai
 
Middleware hacking
Middleware hackingMiddleware hacking
Middleware hacking
nullowaspmumbai
 
Ganesh naik linux_kernel_internals
Ganesh naik linux_kernel_internalsGanesh naik linux_kernel_internals
Ganesh naik linux_kernel_internals
nullowaspmumbai
 
Buffer overflow null
Buffer overflow nullBuffer overflow null
Buffer overflow null
nullowaspmumbai
 
Null mumbai Session on ransomware by_Aditya Jamkhande
Null mumbai Session on ransomware by_Aditya JamkhandeNull mumbai Session on ransomware by_Aditya Jamkhande
Null mumbai Session on ransomware by_Aditya Jamkhande
nullowaspmumbai
 

More from nullowaspmumbai (20)

Xxe
XxeXxe
Xxe
 
ELK in Security Analytics
ELK in Security Analytics ELK in Security Analytics
ELK in Security Analytics
 
Switch security
Switch securitySwitch security
Switch security
 
Radio hacking - Part 1
Radio hacking - Part 1 Radio hacking - Part 1
Radio hacking - Part 1
 
How I got my First CVE
How I got my First CVE How I got my First CVE
How I got my First CVE
 
Power forensics
Power forensicsPower forensics
Power forensics
 
Infrastructure security & Incident Management
Infrastructure security & Incident Management Infrastructure security & Incident Management
Infrastructure security & Incident Management
 
Middleware hacking
Middleware hackingMiddleware hacking
Middleware hacking
 
Internet censorship circumvention techniques
Internet censorship circumvention techniquesInternet censorship circumvention techniques
Internet censorship circumvention techniques
 
How i got my first cve
How i got my first cveHow i got my first cve
How i got my first cve
 
Adversarial machine learning updated
Adversarial machine learning updatedAdversarial machine learning updated
Adversarial machine learning updated
 
Commix
Commix Commix
Commix
 
Adversarial machine learning
Adversarial machine learning Adversarial machine learning
Adversarial machine learning
 
Dll Hijacking
Dll Hijacking Dll Hijacking
Dll Hijacking
 
Abusing Target
Abusing Target Abusing Target
Abusing Target
 
NTFS Forensics
NTFS Forensics NTFS Forensics
NTFS Forensics
 
Middleware hacking
Middleware hackingMiddleware hacking
Middleware hacking
 
Ganesh naik linux_kernel_internals
Ganesh naik linux_kernel_internalsGanesh naik linux_kernel_internals
Ganesh naik linux_kernel_internals
 
Buffer overflow null
Buffer overflow nullBuffer overflow null
Buffer overflow null
 
Null mumbai Session on ransomware by_Aditya Jamkhande
Null mumbai Session on ransomware by_Aditya JamkhandeNull mumbai Session on ransomware by_Aditya Jamkhande
Null mumbai Session on ransomware by_Aditya Jamkhande
 

Recently uploaded

The Maritime Security. OSINT [EN] .pdf
The Maritime Security. OSINT [EN] .pdfThe Maritime Security. OSINT [EN] .pdf
The Maritime Security. OSINT [EN] .pdf
Snarky Security
 
Multimodal Embeddings (continued) - South Bay Meetup Slides
Multimodal Embeddings (continued) - South Bay Meetup SlidesMultimodal Embeddings (continued) - South Bay Meetup Slides
Multimodal Embeddings (continued) - South Bay Meetup Slides
Zilliz
 
Informatika smk kelas 10 kurikulum merdeka.pptx
Informatika smk kelas 10 kurikulum merdeka.pptxInformatika smk kelas 10 kurikulum merdeka.pptx
Informatika smk kelas 10 kurikulum merdeka.pptx
OkyPrayudi
 
Generative AI technology is a fascinating field that focuses on creating comp...
Generative AI technology is a fascinating field that focuses on creating comp...Generative AI technology is a fascinating field that focuses on creating comp...
Generative AI technology is a fascinating field that focuses on creating comp...
Nohoax Kanont
 
UiPath Community Day Amsterdam: Code, Collaborate, Connect
UiPath Community Day Amsterdam: Code, Collaborate, ConnectUiPath Community Day Amsterdam: Code, Collaborate, Connect
UiPath Community Day Amsterdam: Code, Collaborate, Connect
UiPathCommunity
 
FIDO Munich Seminar: FIDO Tech Principles.pptx
FIDO Munich Seminar: FIDO Tech Principles.pptxFIDO Munich Seminar: FIDO Tech Principles.pptx
FIDO Munich Seminar: FIDO Tech Principles.pptx
FIDO Alliance
 
Best USA IPTV Providers to Stream in 2024.pdf
Best USA IPTV Providers to Stream in 2024.pdfBest USA IPTV Providers to Stream in 2024.pdf
Best USA IPTV Providers to Stream in 2024.pdf
perth Riya
 
Mega MUG 2024: Working smarter in Marketo
Mega MUG 2024: Working smarter in MarketoMega MUG 2024: Working smarter in Marketo
Mega MUG 2024: Working smarter in Marketo
Stephanie Tyagita
 
Scientific-Based Blockchain TON Project Analysis Report
Scientific-Based Blockchain TON Project Analysis ReportScientific-Based Blockchain TON Project Analysis Report
Scientific-Based Blockchain TON Project Analysis Report
SelcukTOPAL2
 
Project management Course in Australia.pptx
Project management Course in Australia.pptxProject management Course in Australia.pptx
Project management Course in Australia.pptx
deathreaper9
 
Using ScyllaDB for Real-Time Write-Heavy Workloads
Using ScyllaDB for Real-Time Write-Heavy WorkloadsUsing ScyllaDB for Real-Time Write-Heavy Workloads
Using ScyllaDB for Real-Time Write-Heavy Workloads
ScyllaDB
 
Epicor Kinetic REST API Services Overview.pptx
Epicor Kinetic REST API Services Overview.pptxEpicor Kinetic REST API Services Overview.pptx
Epicor Kinetic REST API Services Overview.pptx
Piyush Khalate
 
FIDO Munich Seminar: Securing Smart Car.pptx
FIDO Munich Seminar: Securing Smart Car.pptxFIDO Munich Seminar: Securing Smart Car.pptx
FIDO Munich Seminar: Securing Smart Car.pptx
FIDO Alliance
 
TribeQonf2024_Dimpy_ShiftingSecurityLeft
TribeQonf2024_Dimpy_ShiftingSecurityLeftTribeQonf2024_Dimpy_ShiftingSecurityLeft
TribeQonf2024_Dimpy_ShiftingSecurityLeft
Dimpy Adhikary
 
FIDO Munich Seminar FIDO Automotive Apps.pptx
FIDO Munich Seminar FIDO Automotive Apps.pptxFIDO Munich Seminar FIDO Automotive Apps.pptx
FIDO Munich Seminar FIDO Automotive Apps.pptx
FIDO Alliance
 
AMD Zen 5 Architecture Deep Dive from Tech Day
AMD Zen 5 Architecture Deep Dive from Tech DayAMD Zen 5 Architecture Deep Dive from Tech Day
AMD Zen 5 Architecture Deep Dive from Tech Day
Low Hong Chuan
 
Indian Privacy law & Infosec for Startups
Indian Privacy law & Infosec for StartupsIndian Privacy law & Infosec for Startups
Indian Privacy law & Infosec for Startups
AMol NAik
 
Easy Compliance is Continuous Compliance
Easy Compliance is Continuous ComplianceEasy Compliance is Continuous Compliance
Easy Compliance is Continuous Compliance
Anchore
 
CI/CD pipelines for CloudHub 2.0 - Wroclaw MuleSoft Meetup #2
CI/CD pipelines for CloudHub 2.0 - Wroclaw MuleSoft Meetup #2CI/CD pipelines for CloudHub 2.0 - Wroclaw MuleSoft Meetup #2
CI/CD pipelines for CloudHub 2.0 - Wroclaw MuleSoft Meetup #2
wromeetup
 
The Challenge of Interpretability in Generative AI Models.pdf
The Challenge of Interpretability in Generative AI Models.pdfThe Challenge of Interpretability in Generative AI Models.pdf
The Challenge of Interpretability in Generative AI Models.pdf
Sara Kroft
 

Recently uploaded (20)

The Maritime Security. OSINT [EN] .pdf
The Maritime Security. OSINT [EN] .pdfThe Maritime Security. OSINT [EN] .pdf
The Maritime Security. OSINT [EN] .pdf
 
Multimodal Embeddings (continued) - South Bay Meetup Slides
Multimodal Embeddings (continued) - South Bay Meetup SlidesMultimodal Embeddings (continued) - South Bay Meetup Slides
Multimodal Embeddings (continued) - South Bay Meetup Slides
 
Informatika smk kelas 10 kurikulum merdeka.pptx
Informatika smk kelas 10 kurikulum merdeka.pptxInformatika smk kelas 10 kurikulum merdeka.pptx
Informatika smk kelas 10 kurikulum merdeka.pptx
 
Generative AI technology is a fascinating field that focuses on creating comp...
Generative AI technology is a fascinating field that focuses on creating comp...Generative AI technology is a fascinating field that focuses on creating comp...
Generative AI technology is a fascinating field that focuses on creating comp...
 
UiPath Community Day Amsterdam: Code, Collaborate, Connect
UiPath Community Day Amsterdam: Code, Collaborate, ConnectUiPath Community Day Amsterdam: Code, Collaborate, Connect
UiPath Community Day Amsterdam: Code, Collaborate, Connect
 
FIDO Munich Seminar: FIDO Tech Principles.pptx
FIDO Munich Seminar: FIDO Tech Principles.pptxFIDO Munich Seminar: FIDO Tech Principles.pptx
FIDO Munich Seminar: FIDO Tech Principles.pptx
 
Best USA IPTV Providers to Stream in 2024.pdf
Best USA IPTV Providers to Stream in 2024.pdfBest USA IPTV Providers to Stream in 2024.pdf
Best USA IPTV Providers to Stream in 2024.pdf
 
Mega MUG 2024: Working smarter in Marketo
Mega MUG 2024: Working smarter in MarketoMega MUG 2024: Working smarter in Marketo
Mega MUG 2024: Working smarter in Marketo
 
Scientific-Based Blockchain TON Project Analysis Report
Scientific-Based Blockchain TON Project Analysis ReportScientific-Based Blockchain TON Project Analysis Report
Scientific-Based Blockchain TON Project Analysis Report
 
Project management Course in Australia.pptx
Project management Course in Australia.pptxProject management Course in Australia.pptx
Project management Course in Australia.pptx
 
Using ScyllaDB for Real-Time Write-Heavy Workloads
Using ScyllaDB for Real-Time Write-Heavy WorkloadsUsing ScyllaDB for Real-Time Write-Heavy Workloads
Using ScyllaDB for Real-Time Write-Heavy Workloads
 
Epicor Kinetic REST API Services Overview.pptx
Epicor Kinetic REST API Services Overview.pptxEpicor Kinetic REST API Services Overview.pptx
Epicor Kinetic REST API Services Overview.pptx
 
FIDO Munich Seminar: Securing Smart Car.pptx
FIDO Munich Seminar: Securing Smart Car.pptxFIDO Munich Seminar: Securing Smart Car.pptx
FIDO Munich Seminar: Securing Smart Car.pptx
 
TribeQonf2024_Dimpy_ShiftingSecurityLeft
TribeQonf2024_Dimpy_ShiftingSecurityLeftTribeQonf2024_Dimpy_ShiftingSecurityLeft
TribeQonf2024_Dimpy_ShiftingSecurityLeft
 
FIDO Munich Seminar FIDO Automotive Apps.pptx
FIDO Munich Seminar FIDO Automotive Apps.pptxFIDO Munich Seminar FIDO Automotive Apps.pptx
FIDO Munich Seminar FIDO Automotive Apps.pptx
 
AMD Zen 5 Architecture Deep Dive from Tech Day
AMD Zen 5 Architecture Deep Dive from Tech DayAMD Zen 5 Architecture Deep Dive from Tech Day
AMD Zen 5 Architecture Deep Dive from Tech Day
 
Indian Privacy law & Infosec for Startups
Indian Privacy law & Infosec for StartupsIndian Privacy law & Infosec for Startups
Indian Privacy law & Infosec for Startups
 
Easy Compliance is Continuous Compliance
Easy Compliance is Continuous ComplianceEasy Compliance is Continuous Compliance
Easy Compliance is Continuous Compliance
 
CI/CD pipelines for CloudHub 2.0 - Wroclaw MuleSoft Meetup #2
CI/CD pipelines for CloudHub 2.0 - Wroclaw MuleSoft Meetup #2CI/CD pipelines for CloudHub 2.0 - Wroclaw MuleSoft Meetup #2
CI/CD pipelines for CloudHub 2.0 - Wroclaw MuleSoft Meetup #2
 
The Challenge of Interpretability in Generative AI Models.pdf
The Challenge of Interpretability in Generative AI Models.pdfThe Challenge of Interpretability in Generative AI Models.pdf
The Challenge of Interpretability in Generative AI Models.pdf
 

Fuzzing | Null OWASP Mumbai | 2016 June

  • 2. WhoAmI  Working with Payatu Technologies as Security Consultant.  Trainer and Freelancer  Webpentesting, VAPT and Android App Pentesting
  • 3. Agenda • What we will cover - Fuzzing  Buffer Overflow(EIP Overwrite)  ShellCode Execution  Ownage • What we will do - EIP overwrite, which will allow us to gain control of program execution and redirect it to our shellcode • How we will do – Exploiting stack based buffer overflow in the Windows application MiniShare 1.4.1.
  • 4. Fuzzing • Fuzzing is a process of sending deliberately malformed data to a program in order to generate failures, or errors in the application. • When performed by those in the software exploitation community, fuzzing usually focuses on discovery of bugs that can be exploited to allow an attacker to run their own code, and along with binary and source code analysis. • Fuzzing is one of the primary ways in which exploitable software bugs are discovered.
  • 5. BufferOverflow • A buffer overflow is a condition when a program attempts to put more data in a buffer than it can hold or when a program attempts to put data in a memory area past a buffer. • The general idea is there is an application that accepts input from a user without any bounds checking. This allows us to overwrite the memory space “buffer” and hopefully overwrite the EIP register which will allows us to redirect program execution to our shellcode.
  • 6. Shellcode • A shellcode is a small piece of code used as the payload in the exploitation of a software vulnerability. • It is called "shellcode" because it typically starts a command shell from which the attacker can control the compromised machine. • Shellcode can either be local or remote. In our case, it is local and not remote.
  • 7. System Requirement 1. VM platform (Virtualbox, VMware, etc.) 2. Have a Windows 32-bit XP VM and a Kali Linux VM 3. OllyDbg Debugger. 4. Minishare 1.4.1 - http://sites.google.com/site/lupingreycorner/minishare-1.4.1.zip
  • 8. Assembly Basics • Assembly language is considered a low level language that is a human readable version of a computer’s architecture instruction set. • Since we cannot learn assembly within a day just remember – 1) Instruction Pointer: EIP – Register that contains the memory address of the next instruction to be executed by the program. EIP tells the CPU what to do next. 2) Stack Pointer: ESP – Register pointing to the top of the stack at any time
  • 9. DEMO • Fuzz Minishare • Crash it. • Execute Shellcode. • Own windows system.