
osce's Introduction

Buffer overflow Windows exploit development practice - 50 proof of concepts

What this repo is: After obtaining my OSCP, as preparation for my upcoming OSCE certification, I challenged myself to re-write 50 proof of concepts for pre-existing exploits in software, all of which are Windows-based.

NO looking at the original POC, no cheating.

Secondly, this repo contains a handful of 0-days and CVE publications I have discovered and contributed while searching for new vulnerabilities in software.

Welcome to the early 2000's :)


I am writing 50 POCs for various exploits for educational purposes.

Exploits written: 29/50
Metasploit modules: 1
Metasploit contributions: 0
0day discoveries: 6
Assigned CVEs: 2

I would like to include, but not be limited to: vanilla EIP overwrite, SEH + egghunters, ASLR/DEP/NX, SafeSEH, stack cookies, unicode restrictions, and much more...


Vanilla Stack Based Buffer Overflow

  1. Vulnserver TRUN vanilla EIP overflow
  2. FreeFloat FTP Server vanilla EIP overflow
  3. PCMan FTP Server vanilla EIP overflow
  4. Brainpan VulnHub box vanilla EIP overflow
  5. DoStackBufferOverflowGood vanilla EIP overflow
  6. MiniShare 1.4.1 vanilla EIP overflow
  7. ASX to MP3 converter 3.1.2.1 vanilla EIP overflow
  8. VUPlayer 2.49 .wax vanilla EIP overflow

Structured Exception Handler (SEH) Overwrite + egghunter

Standard:

  1. Easy File Sharing Web Server SEH overflow
  2. Millenium MP3 Studio 2.0 SEH overflow
  3. Free MP3 CD Ripper 2.6 SEH overflow
  4. RGUI i386 3.4.4 local SEH overflow
  5. Audiograbber 1.83 local SEH overflow
  6. 10-Strike Network Inventory Explorer SEH overflow

With egghunter: 2004 whitepaper

  1. Easy File Sharing Web Server SEH overflow + egghunter
  2. Vulnserver GMON SEH overflow + egghunter
  3. Xitami Web Server 2.5 SEH overflow + egghunter + partial SEH overwrite

Overflow Character restrictions

Unicode restrictions: 2002 whitepaper

  1. GoldWave 5.70 local SEH + unicode bypass + Venetian alignment
  2. CodeBlocks 17.12 local SEH + unicode bypass + Venetian alignment

Alphanumeric restrictions:

  1. Vulnserver LTER vanilla EIP overflow + alphanumeric bypass

ROP to bypass Data Execution Prevention (DEP)

  1. Vulnserver TRUN + DEP enabled + ROP chain - VirtualProtect() method
  2. ASX to MP3 converter 3.1.2.1 + DEP enabled + ROP chain - VirtualProtect() method
  3. VUPlayer 2.49 + DEP enabled + ROP chain - VirtualProtect() method

Bypassing ASLR - Partial EIP overwrite


Vanilla EIP Heap spraying

  1. RSP MP3 Player - OCX ActiveX EIP heap spray

Use-After-Free (UAF) Heap spraying


Bypassing EMET 5.2


0day discoveries / disclosures

  1. exploit-db DeviceViewer Sricam 3.12x local DOS buffer overflow
  2. exploit-db Easy File Sharing Web Server 7.2 SEH overflow
  3. CVE-2019-16724 File Sharing Wizard remote SEH overflow
  4. CVE-2019-17181 IntraSrv webserver 1.0 SEH overflow

Metasploit modules

Someone else contributed my exploits:

  1. windows/http/file_sharing_wizard_seh

Modules contributed by me:

Contributors

fullshade
