Welcome to Part 5 of the Exploit Research Megaprimer. Please begin this series by watching Part 1, if you have not already done so!
In this video, we will look at how to exploit a buffer overflow which was disclosed on Exploit-Db - FreeSSHD 1.0.9 Buffer Overflow
. You can download the FreeSSHD Program
and follow this video.
We will first start by understanding the vulnerability from it's description on Exploit-Db and then reproduce the same in our lab setup. After this, we will use the Immunity Debugger to examine the exploit conditions, find the offsets for RET and ESP overwrite, find the bad characters which are 0x00, create shellcode for the payload encoding for these bad characters, create the exploit program and finally exploit the program! One of the interesting things you will find in this program is that the RET address and ESP are not adjacent to each other like in the previous examples.
Hope you enjoy this video! Please do leave your comments behind.
Tags: basics ,
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.