Hands-on Fuzzing and Exploit Development (Advanced)

Name: Hands-on Fuzzing and Exploit Development (Advanced)
Rating: 4.3 (88 reviews)

Learn advanced techniques of creating exploits

Created byUday Mittal

Last updated 3/2024

English

What you'll learn

Advanced techniques of creating exploits such as Egg Hunters, ASLR Bypass, Function reuse etc.
Writing Unicode compatible exploits
How to do long and short jumps in exploits
How to do stack pivoting
Fuzzing through Spike, Peach Fuzzer, FilFuzz and BooFuzz
Creating Peach Pits, BooFuzz scripts and fuzzing scripts in Python
How to tackle restrictive conditions such as limited buffer space or limited character set
Create exploits from scratch for complicated file-formats such as ZIP
Manually encoding shellcode

Course content

8 sections • 52 lectures • 9h 59m total length

Introduction4:28
This video gives an overview of the technique you'll be learning in this module. It also gives a brief overview of tools and software required for this module.
Download Links to the tools mentioned:
Kali Linux 2018.1: https://www.kali.org/news/kali-linux-2018-1-release/
Immunity Debugger: https://www.immunityinc.com/products/debugger/
Mona Library: https://github.com/corelan/mona
Vuln server (target software): https://github.com/stephenbradshaw/vulnserver
Sublime Text Editor: https://www.sublimetext.com/
Virtual Box: https://www.virtualbox.org/wiki/Downloads
VMWare: https://www.vmware.com/in/products/workstation-player/workstation-player-evaluation.html
Notepad++: https://notepad-plus-plus.org/download/v7.6.1.html
Fuzzing7:34
This video gives an overview of fuzzing and then demonstrates how to fuzz a server using Spike fuzzer
PoC Creation4:37
In this video, we'll take the results from the previous part and create a PoC script in Python. The aim is to replicate the crash in the target application.
Controlling the execution10:37
In this video, we'll enhance the PoC created in the previous part to take control of the execution flow of the application.
Bad character analysis8:08
In the video, we identify the bad characters which might break our final payload.
Cracking the shell14:22
In this video, we will complete our exploit by integrating the payload shellcode and finally execute it to obtain shell from the target machine.

Introduction5:42
This video gives an overview of the technique you'll be learning in this module. It also gives a brief overview of tools and software required for this module.
Download Links to the tools mentioned:
Kali Linux 2018.1: https://www.kali.org/news/kali-linux-2018-1-release/
Immunity Debugger: https://www.immunityinc.com/products/debugger/
Mona Library: https://github.com/corelan/mona
Peach Fuzzer: https://sourceforge.net/projects/peachfuzz/
CoolPlayer+ Portable (target software): https://www.exploit-db.com/apps/3279a02f72b3c5ec5870e7b0b19d2305-CoolPlayer219_Bin.zip
Sublime Text Editor: https://www.sublimetext.com/
Virtual Box: https://www.virtualbox.org/wiki/Downloads
VMWare: https://www.vmware.com/in/products/workstation-player/workstation-player-evaluation.html
Notepad++: https://notepad-plus-plus.org/download/v7.6.1.html

Note: Instead of FileFuzz we'll be using Peach Fuzzer in this module
Fuzzing14:08
This video gives an overview of fuzzing and then demonstrates how to fuzz an application using Peach fuzzer
PoC Creation4:59
In this video, we'll take the results from the previous part and create a PoC script in Python. The aim is to replicate the crash in the target application.
Bad character analysis4:25
In the video, we identify the bad characters which might break our final payload.
Controlling the execution (ASLR Bypass)13:55
In this video, we'll enhance the PoC created in the previous part to take control of the execution flow of the application.
Controlling the execution (Stack Pivoting)13:07
In this video, we'll enhance the PoC created in the previous part to carve out a long jump via Stack Pivoting.
Cracking the shell12:30
In this video, we will complete our exploit by integrating the payload shellcode and finally execute it to obtain shell from the target machine.

Introduction4:05
This video gives an overview of the technique you'll be learning in this module. It also gives a brief overview of tools and software required for this module.
Download Links to the tools mentioned:
· Kali Linux 2018.1: https://www.kali.org/news/kali-linux-2018-1-release/
· Immunity Debugger: https://www.immunityinc.com/products/debugger/
· Mona Library: https://github.com/corelan/mona
· File Fuzz: https://filefuzz.software.informer.com/2.0/
· Alpha2 Encoder: https://github.com/haxtivitiez/Alpha2-encoder
· Triologic Media Player 8: https://www.exploit-db.com/apps/4e68d370d54180157bf1b578407848f4-triomp8setup.exe
· Sublime Text Editor: https://www.sublimetext.com/
· Virtual Box: https://www.virtualbox.org/wiki/Downloads
· VMWare: https://www.vmware.com/in/products/workstation-player/workstation-player-evaluation.html
· Notepad++: https://notepad-plus-plus.org/download/v7.6.1.html
Fuzzing10:48
This video gives an overview of fuzzing and then demonstrates how to fuzz an application using File Fuzz
PoC Creation8:31
In this video, we'll take the results from the previous part and create a PoC script in Python. The aim is to replicate the crash in the target application.
Controlling the Execution (SEH Overwrite)11:33
In this video, we'll enhance the PoC created in the previous part to take control of the execution flow of the application using SEH overwrite technique
Controlling the execution (Aligning register for shellcode)13:14
In this video, we'll enhance the PoC created in the previous part to align a CPU register for the final payload shellcode.
Bad character analysis8:20
In the video, we identify the bad characters which might break our final payload.
Cracking the shell8:17
In this video, we will complete our exploit by integrating the payload shellcode and finally execute it to obtain shell from the target machine.

Link to download Alpha2 encoder: https://github.com/haxtivitiez/Alpha2-encoder

Introduction5:52
This video gives an overview of the technique you'll be learning in this module. It also gives a brief overview of tools and software required for this module.
Fuzzing12:25
This video gives an overview of fuzzing and then demonstrates how to fuzz an application using BooFuzz
PoC Creation9:11
In this video, we'll take the results from the previous part and create a PoC script in Python. The aim is to replicate the crash in the target application.
Controlling the execution12:13
In this video, we'll enhance the PoC created in the previous part to take control of the execution flow of the application.
Bad character analysis13:05
In the video, we identify the bad characters which might break our final payload.
Cracking the shell (First-stage payload)24:08
In this video, we will enhance our exploit by developing and integrating the first stage payload shellcode.
Cracking the shell (Second-stage payload)7:11
In this video, we will complete our exploit by integrating the payload shellcode and finally execute it to obtain shell from the target machine.
Bonus: BooFuzz Installation9:18
This video covers the installation of BooFuzz, fuzzing framework, on Kali Linux 2018.1 and Microsoft Windows 7 SP1 (32-bit)

Introduction3:37
This video gives an overview of the technique you'll be learning in this module. It also gives a brief overview of tools and software required for this module.
Fuzzing (Understanding ZIP file format specification)13:44
This video gives an overview of exploit development process and fuzzing. It also explains the ZIP file format specification.
Fuzzing (Reverse engineering ZIP file structure) Part 114:40
In this video we correlate the zip file format specification with the zip file structure used by the target application. This is done by reverse engineering a zip file created by the target application.
Fuzzing (Reverse engineering ZIP file structure) Part 210:21
In this video we correlate the zip file format specification with the zip file structure used by the target application. This is done by reverse engineering a zip file created by the target application.
Fuzzing (Creating fuzzing script)18:28
In this video we create a fuzzing script in Python, based on our correlation exercise.
Fuzzing (Fuzz QuickZip.exe)12:06
In this video we create sample ZIP files using the fuzzing script and fuzz the target application using FileFuzz
PoC Creation8:09
In this video, we'll take the results from the previous part and create a PoC script in Python. The aim is to replicate the crash in the target application.
Controlling the execution23:49
In this video, we'll enhance the PoC created in the previous part to take control of the execution flow of the application.
Bad character analysis - Part 117:05
Bad character analysis - Part 212:48
In the video, we identify the bad characters which might break our final payload.
Cracking the shell (Short Jump)16:30
In this video, we add complimentary conditional short jump to the PoC.
Cracking the shell (Long Jump)16:11
In this video we carve out a long jump onto the stack
Cracking the shell (Egg Hunter - Encoding - Part 1)20:40
In this video we generate egg hunter shellcode and start the process of encoding it manually.
Cracking the shell (Egg Hunter - Encoding - Part 2)15:58
In this video, we complete the process of manually encoding the egg hunter shellcode.
Cracking the shell (Egg Hunter - Execution)17:05
In this video, we add the encoded egg hunter to the PoC and give it a test run.
Cracking the shell (Payload shellcode)17:10
In this video, we generate the payload shellcode, encode it using an encoder and execute it to obtain a shell from the target machine.

Introduction3:15
This video gives an overview of the technique you'll be learning in this module. It also gives a brief overview of tools and software required for this module.

Download Links to the tools mentioned:
Kali Linux 2018.1: https://www.kali.org/news/kali-linux-2018-1-release/
Immunity Debugger: https://www.immunityinc.com/products/debugger/
Mona Library: https://github.com/corelan/mona
Axessh 4.2 (target software): https://www.exploit-db.com/apps/12d8cee31a99cdbd7d30ebf5c86c57ca-axessh.exe
Sublime Text Editor: https://www.sublimetext.com/
Virtual Box: https://www.virtualbox.org/wiki/Downloads
VMWare: https://www.vmware.com/in/products/workstation-player/workstation-player-evaluation.html
Notepad++: https://notepad-plus-plus.org/download/v7.6.1.html
Python: https://www.python.org/downloads/release/python-2716/
Fuzzing13:02
This video gives an overview of fuzzing and then demonstrates how to fuzz input fields in an application.
PoC Creation3:52
In this video, we'll take the results from the previous part and create a PoC script in Python. The aim is to replicate the crash in the target application.
Controlling the Execution15:48
In this video, we'll enhance the PoC created in the previous part to take control of the execution flow of the application.
Bad character analysis11:02
In the video, we identify the bad characters which might break our final payload.
Cracking the shell - Stage 116:25
In this video, we will enhance our exploit by integrating the stage 1 payload shellcode and execute it to download stage 2 payload.
Cracking the shell - Stage 29:41
Developing remote SEH overwrite exploit for Integard Pro 2.2.0.90267:55

Requirements

Basic knowledge of x86 Assembly Language
Basic knowledge of Kali Linux
Basic knowledge of Python
Basic knowledge of Metasploit
Basic concepts of fuzzing
Basic knowledge of Immunity Debugger

Description

About this course

This course builds upon my previous course, Hands-on Exploit Development on Udemy.

It will teach you advanced techniques of exploiting a buffer overflow vulnerability. Egg hunters, ASLR bypass, Stack Pivoting, Function Reuse, Manual encoding are some of the techniques covered in this course.

It follows the six stages of exploit development and gives a detailed walk-through of each. Each module starts by identifying the vulnerability via fuzzing. You'll learn, server fuzzing (using Spike) and file format fuzzing (using Peach Fuzzer). It then shows you how to create a PoC to trigger the vulnerability and convert that PoC into a working exploit.

Through this course you will get introduced to various tools such as Immunity Debugger, Mona library for Immunity Debugger, Metasploit, msfvenom, Spike, Peach Fuzzer, BooFuzz and much more. This course is designed to be short and concise yet packed with practical knowledge.

Each video includes learning resources (in video) and associated files (pdf slides, fuzzing scripts, peach pit python script etc.). You can just follow along and create a working exploit. It's that simple. Happy hacking!

What our fellow students say about this course

"I have been looking for resources to learn different techniques of exploit development. This course was a great find. It is very easy to follow along and understand the concepts." - Surbhi Goel

"Great! More fuzzing tools are introduced." - Ying-Chen Chiou

"pretty good basics,easy to follow buffer overflow" - Arun Mathew

Who this course is for:

Students curious about building exploits
Ethical Hackers
Penetration Testers
Cybersecurity Professionals
People preparing for OSCP, OSCE etc.

Hands-on Fuzzing and Exploit Development (Advanced)

What you'll learn

Explore related topics

Course content

Module 1 (Egg Hunters)6 lectures • 50min

Module 2 (ASLR Bypass + Stack Pivoting)7 lectures • 1hr 9min

Module 3 (Unicode)7 lectures • 1hr 5min

Assignment: NetSetMan 4.7.10

Module 4 (Limited Buffer Space / Function Reuse)8 lectures • 1hr 33min

Module 5 (Acrobatics / QuickZip)16 lectures • 3hr 58min

Module 6 (Input Field Exploits / Multi-stage)8 lectures • 1hr 21min

Assignment: Kenward Zipper 1.40

Requirements

Description

Who this course is for: