This is quick commo check and update to my progress with the PWBv3 course.
I’ve spent the better part of this week knee deep in shellcode, assembly and debuggers… and let me tell you my brain needs a break! Don’t let the latter sentence scare you away from this course; the tutorials and examples are excellent, even if you’ve never read the output of a debugger before you can handle it with the help of the videos and lab guide. I just finished the “extra mile” portions of the buffer overflows module. I was determined to nail those! I’ve also read that the extra mile modules will help you in your quest for the OSCP certification (24 hours hack some boxes, remember?). I found this site to be very helpful when trying my hand at an SEH overflow.
Diving into this training has afforded me the opportunity to strengthen muscles that I used daily, but to also train new ones, with regards to pen testing.
I’ll be writing up more about stack based buffer overflows and basic fuzzing in the future.
2 thoughts on “Shellcode, Assembly and Buffer Overflow”
Can you please assist me with the sendmail 8.12.8 vulnerability how can we take root access on the computer? thanks in advance
Alexia, while the TOSagreements we signed with Offsec prevents me from just spelling out a walk-through on how to get at specific machines, I’ll try to give you productive advice. Also, I’d like to note that part of the way this course works is it forces you to “try harder” (heard that a few times in the IRC and forums I’m sure!), and the reward after you figure out the solution is very fulfilling. I highly suggest getting onto the IRC channel (#offsec on freenode) and also trolling the forums if you haven’t been already. Don’t just blatantly ask for the answer, but tips and guidance is allowed. The IRC is a godsend, trust me! Sorry I can’t be more specific but A). I want you to succeed with this course and get the full advantage and B). It’s been so long that I would have to go back to my notes to even remember what the attack scenario was! Good luck, happy hunting… and to quote the Offsec crew: “Try Harder!”