28 Apr 2013

Exploitation - Testing environment

Well I messed a little bit around with some shellcoding atm,
and tested things in my Virtual Environment - Got a Shell, but because of the Effective User ID is set to r3verse, is on purpose, since I wanted to see the function in action.

Anyways -
Success on SHELL by using Netcat to enstablish a TCP bind socket connection on port 31337.

Using a program I used from AoE, I managed to get a shell enstablished.

As image shows bellow.

Newly exploited Tinyweb server, and got r00t access! =)

Took a bit of time to figure out, but while I was calculating about how large my NOP sled should be and allign the 78-byte shellcode, since the buffer was 500 bytes I knew that I had a chance to get control over the program execution - and thereby exploited the web server! ...  It's a good day!