Saved Return Pointer Overflows
For our first buffer overflow exploit we will start with the most straightforward scenario: a clean EIP overwrite where one of the CPU registers points directly to a large portion of our buffer. For this part we will create an exploit from scratch for "FreeFloat FTP". You can find a list of several exploits that were created for "FreeFloat FTP" here.
Normally we would need to do bad-character analysis, but for this first tutorial we will rely on the bad characters listed in the pre-existing Metasploit modules on exploit-db. The characters listed there are "\x00\x0A\x0D". We need to keep these characters in mind for later.
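As an added example (not from this tutorial or the Metasploit module), this is the check a practitioner would run instead of trusting a borrowed bad-character list: send every byte value, compare with what actually lands in memory, drop the first byte that did not survive, and repeat until the whole pattern arrives intact. The `simulated_line_reader` function is a constructed stand-in for reading the buffer back from the debugger and is not FreeFloat FTP's real behaviour.

```python
def build_pattern(exclude=b""):
    """Every byte value 0x00..0xff in order, minus those in `exclude`."""
    return bytes(b for b in range(256) if b not in exclude)


def first_difference(sent, observed):
    """Offset of the first byte that did not survive, or None if all did.

    Covers both failure modes seen in practice: truncation (the observed
    copy is shorter than what was sent) and substitution (a byte was
    replaced by the parser).
    """
    for i, b in enumerate(sent):
        if i >= len(observed) or observed[i] != b:
            return i
    return None


def find_bad_chars(observe, known=b""):
    """Iteratively determine the bad bytes for a given input path.

    `observe(pattern)` must return the bytes found in memory after
    `pattern` was delivered; `known` seeds the list with bytes already
    identified. Returns the bad bytes in the order they were found.
    """
    bad = bytearray(known)
    while True:
        pattern = build_pattern(bytes(bad))
        idx = first_difference(pattern, observe(pattern))
        if idx is None:          # whole pattern survived: done
            return bytes(bad)
        bad.append(pattern[idx])  # exclude the offender and try again


def simulated_line_reader(data):
    """Constructed stand-in for a C-string, line-oriented command parser:
    copying stops at NUL, CR or LF. Replace with the real memory dump."""
    for i, b in enumerate(data):
        if b in (0x00, 0x0A, 0x0D):
            return data[:i]
    return data


if __name__ == "__main__":
    found = find_bad_chars(simulated_line_reader)
    print(found.hex())  # prints "000a0d"
```

Each iteration removes one byte, so a list of N bad characters costs N+1 round trips; the last run is the one that confirms the remaining 256-N bytes all survive.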
Exploit Development: Backtrack 5/Kali Linux
Debugging Machine: Windows XP PRO SP3
Vulnerable Software: Download
Realize that learning hacking can be a slow and tedious process. You'll achieve your goal if you enjoy the process of experimenting, embrace the frustrations you face when things don't work, and follow the sudden curiosity you get about an infrastructure.
Step 1. Install Kali Linux. (I liked it when they called this BackTrack. 😦 )
Rebirth of BackTrack, the Penetration Testing Distribution. Set this as your wallpaper until you have a firm grip on basic commands.
Step 2. Start learning programming side by side. Also, set aside a specific time for working on networking and hacking every day.
Step 3. Learn about network infrastructures, cryptography and how things are built. The last one is really important: if you are to invade a building, it is very helpful to have a blueprint and to know how it was built before you start. Learn about routers and firewalls.
Step 4. Don’t read, do!
Step 5. Learn common exploits and the basic tools used for wireless cracking (WPA/WPA2: airsniff, aircrack-ng), SQL injection, decryption techniques, brute force, etc. When you read about them, do them. Make a lock and break it. Doing is extremely important.
I write this from my experience. When I was in 4th grade, I was crazy about computer networks. In 6th grade we had a hacking competition (not a hackathon) at school, where we had to hack the school server and get access to encrypted data (using a server client which had limited privileges). At home, I had about 5 computers in a room, a CAT 5 cable and some free time.
There were no 6th graders in the competition and I had to get special permission. So the 9th and 10th grade kids were all up for the competition and everybody gave me a weird look when I walked in. Some even started laughing that I'd try my hand at hacking. I hacked the server within 15 minutes and bagged the prize. They had about 6 hours and none of them could do it.
Also, no amount of courses or books can teach you how to hack. Just like you don't learn driving by reading books, you need to learn hacking by doing it. Have a server set up and try to hack it. Others have already mentioned it, but please don't be the next Ankit Fadia.