Started doing some buffer overflow exploit development. Hoping to better understand some of the exploits used when doing CTFs and such. Nothing fancy, 32-bit vulnerable apps (on Windows 10) to try and learn about the process. I wrote an app fuzzer in Python that is pretty reusable. It takes IP and PORT as required arguments; there are optional arguments for a buffer prefix (vulnerable apps like Vulnserver and OSCP.exe need those), and it will also allow you to set the number of bytes and the increment for each new socket/payload; the default is 10, which works pretty well. I have tested it on several vulnerable apps and they all crash consistently around where they should. This is just to give you an idea of the offset so you can follow up with pattern matching.
https://github.com/rflemen/python_code/blob/main/buffer_overflows/application_fuzzer/fuzzer.py
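
The length-stepping loop described above, as an added example that is not the author's fuzzer.py: it opens a new connection per attempt, grows the payload by a fixed increment, and reports the length at which the service stops replying. The function names, the newline framing, the `CMD ` prefix and the local mock service (which only simulates a crash past a byte limit) are all constructed for illustration.

```python
import socket
import threading

def start_mock_service(limit, prefix=b""):
    """Constructed local stand-in for a crashing app: it stops listening once
    a newline-terminated message body exceeds `limit` bytes. Returns its port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        while True:
            conn, _ = srv.accept()
            with conn:
                data = b""
                while not data.endswith(b"\n"):
                    chunk = conn.recv(4096)
                    if not chunk:
                        break
                    data += chunk
                if len(data) - len(prefix) - 1 > limit:
                    srv.close()  # simulated crash: no reply, no new connections
                    return
                conn.sendall(b"OK\n")

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def fuzz(ip, port, prefix=b"", start=10, step=10, max_len=5000, timeout=2.0):
    """Send prefix + b"A" * n on a fresh connection per attempt, growing n by
    `step`. Returns the payload length that stopped the service, else None."""
    prev = None
    for n in range(start, max_len + 1, step):
        try:
            s = socket.create_connection((ip, port), timeout=timeout)
        except OSError:
            return prev  # service already down: the previous payload did it
        with s:
            try:
                s.sendall(prefix + b"A" * n + b"\n")
                if s.recv(1024):
                    prev = n
                    continue
            except OSError:
                pass  # reset or timeout counts as "no reply"
            return n
    return None

if __name__ == "__main__":
    port = start_mock_service(limit=95, prefix=b"CMD ")  # constructed values
    print("no reply at", fuzz("127.0.0.1", port, prefix=b"CMD "), "bytes")
```

The reported length is only accurate to within one increment, which is why the result is an approximate offset rather than an exact one.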