This is a continuation of Video Session 39. In this session we will see ways of finding vulnerabilities in executables. Crafting an input string to vulnerable programs to shift the control of flow of execution to some other part in the code section. Injecting shell code via input string and transferring control of flow to it. We will learn how to inject shell code via environment variables and transferring control of flow to it. Addressing problems that most of the students face when exploiting vulnerable programs outside gdb. Exploiting a vulnerable echo server executing on a remote machine and creating a tcp bind shell and a reverse tcp shell. A discussion on bypassing exploit mitigation techniques used by most modern operating systems and compilers.

Email: arif@pucit.edu.pk Example Codes: https://bitbucket.org/arifpucit/spvl-repo/src

Leave a Reply

Your email address will not be published.