Welcome to Part 3 of the Exploit Research Megaprimer. Please begin this series by watching Part 1, if you have not already done so!
In this video, we will look at how to exploit a simple buffer overflow caused by misuse of the strcpy function. You can download the vulnerable server Server-Strcpy.exe and follow this video.
We will take the vulnerable server, understand how it works, write a Python program to trigger the buffer overflow, use Immunity Debugger to investigate the crash, and find the offsets of the return address and of ESP from the start of the user input. We will then build a payload and try to exploit the overflow, only to discover that both our payload and the return address contain the bad character 0x00. From there we will learn how to find bad characters, use a "JMP ESP" address inside a DLL to reach our payload, and use msfpayload and msfencode to generate a payload free of those bad characters, finally exploiting the overflow. Along the way we cover some new concepts: jumping to our payload on the stack with a "JMP ESP" instruction, finding and removing bad characters, and understanding why a NOP sled is needed.
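To make the root cause concrete, here is an added illustration of the strcpy bug class the video exploits, placed beside the bounds-checked form that removes it. This is example code written for this page, not the vulnerable server from the video; the struct, buffer size and function names are hypothetical, and the oversized input is constructed here to stand in for the long string a fuzzing script would send.

```c
#include <stdio.h>
#include <string.h>
#include <stdbool.h>

/* Hypothetical fixed-size stack buffer, mirroring the pattern of a server that
 * copies a network string into a local array with strcpy. */
#define NAME_LEN 64

struct greeting {
    char name[NAME_LEN];
};

/* Vulnerable pattern: strcpy has no idea how big g->name is, so any input of
 * NAME_LEN or more bytes runs past the buffer and overwrites whatever follows
 * it on the stack (saved frame pointer, then the return address). Shown only
 * to illustrate the bug class; it must never see untrusted input. */
void greet_unsafe(struct greeting *g, const char *input) {
    strcpy(g->name, input);
}

/* Hardened form: measure the input with an explicit bound before copying.
 * memchr stops at NAME_LEN bytes, so an input that has no terminator within
 * the buffer size is rejected instead of copied. Returns false on rejection. */
bool greet_safe(struct greeting *g, const char *input) {
    const char *nul = memchr(input, '\0', NAME_LEN);
    if (nul == NULL) {
        /* NAME_LEN or more bytes: no room for the string plus its terminator */
        return false;
    }
    size_t len = (size_t)(nul - input);
    memcpy(g->name, input, len);
    g->name[len] = '\0';   /* always terminated, regardless of input length */
    return true;
}

/* Constructed sample input: a run of 'A' bytes longer than the buffer, the
 * same shape as the string a crash-reproducing script would send. */
const char *oversized_input(void) {
    static char buf[200];
    memset(buf, 'A', sizeof(buf) - 1);
    buf[sizeof(buf) - 1] = '\0';
    return buf;
}

int main(void) {
    struct greeting g;

    /* Short input fits either way. */
    greet_unsafe(&g, "alice");
    printf("unsafe copy of short input: %s\n", g.name);

    /* Oversized input: the safe path refuses it; the unsafe path would have
     * smashed the stack, which is exactly the crash the video investigates. */
    if (!greet_safe(&g, oversized_input())) {
        printf("safe copy rejected %zu-byte input (limit %d)\n",
               strlen(oversized_input()), NAME_LEN - 1);
    }
    return 0;
}
```

The defensive point is that the fix is a length check against the destination size before the copy, not a switch to a different copy routine: strncpy alone would silently drop the terminator on an input of exactly NAME_LEN bytes, which is why the safe version both bounds the length and writes the NUL itself.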