Complete enumeration tool for win32 binaries vulnerable to stack based buffer overflows. Written in python.
This tool will perform dymanic analysis of a win32 binary. It can, without interaction, go from fuzzing to badchar detection to shellcode generation.
- Uses wine. No windows host needed - only the binary and its custom .DLL dependencies (windows DLLs are linked automatically though)
- Automatic fuzzing
- Automatic pattern generation and offset identification
- Automatic badchar detection
- Automatic module identification and selection
- ALSR/NX/Safe SEH detection: BOFenum only searches for gadgets (jmp esp) in modules without exploit mitigations turned on.
- Automatic gadget identification, will find jmp esp (ff e4) and push esp; ret (54 c3)
- Automatic shellcode generation
- 100% local - this is only an enumeration tool for binary analysis. No actual exploitation is performed on any remote host.
You need the following tools to use this: wine (for wine and winedbg), pev (to read the binary headers) and msfvenom (to generate shellcode). Tested with wine 6.0 and pev 0.80
sudo apt-get install pev
sudo apt install wine64
sudo apt-get install metaploit-framework
sudo pkill -f wine #to make sure there are no wine/winedbg instances running
sudo python3 BOFenum.py targetBin tport [-h] [-p PREFIX] [-w] [-l LPORT] [-H LHOST] [-r RHOST] [-f FUZZSTART] [-s FUZZSTRIDE]
Offsec staff have confirmed that this tool is disallowed on the exam (I got to use it because I was the author)