ricardojoserf/vulnserver-exploits
Vulnserver: Fuzzing and Exploits

OS: Windows 7 SP1 version 6.1 (32 bits). All of the exploits work (the TRUN and GTER socket reuse scripts must be updated, check the notes).

Exploits

GMON

  • Vanilla Buffer Overflow

GTER

  • Egghunter

  • Socket reuse (buf variable must be updated, check notes)

HTER

  • Hexadecimal encoding Buffer Overflow

KSTET

  • Egghunter

  • Socket reuse

LTER

  • SEH (bypassing ASLR)

TRUN

  • Vanilla Buffer Overflow

  • Socket reuse (buf variable must be updated, check notes)


Fuzzing with Peach

  1. Start Peach:
C:\> peach.exe -a tcp

Screenshot

  2. Run the "vulnserver.xml" Peach file and test the command you want:
C:\> peach.exe vulnserver.xml TestKSTET

Screenshot

Fuzzing with Boofuzz

  1. Run the "vulnserver_boofuzz.py" Boofuzz file and test the command you want:
python vulnserver_boofuzz.py 192.168.112.145 9999 TRUN
  2. Attach OllyDbg to the vulnserver process to check when and how it crashes

Installation

Vulnserver:

Ollydbg:

Peach (optional):

Boofuzz (optional) ([docs]):

  • pip install boofuzz

References

Fuzzing with Peach:

http://www.rockfishsec.com/2014/01/fuzzing-vulnserver-with-peach-3.html

https://sh3llc0d3r.com/fuzzing-vulnserver-with-peach/

KSTET Socket reuse

https://deceiveyour.team/2018/10/15/vulnserver-kstet-ws2_32-recv-function-re-use/

https://rastating.github.io/using-socket-reuse-to-exploit-vulnserver/

GTER Socket reuse

https://www.absolomb.com/2018-07-24-VulnServer-GTER/