- Assume you have a buffer overflow vulnerability. You can control the EIP. But your shellcode is never executed. Your shellcode is executed when a ret instruction is executed which calls the address you overwrite. But maybe the ret at the end of the function where the buffer overflow occurs is never reached, because you overwrote the…
- Use bof1_web.py or bof1_socket.py to start. Use bof1_socket_10.py to determine the position of the EIP. Use bof2_socket_20.py with the found EIP offset to verify that the EIP was overwritten with B’s. Use bof3_socket_10.py with the found EIP offset and find all bad chars. Use Mona to find a JMP address. Create the payload, add it, and €profit. 0. Confirm vulnerability Download…