OSCP Buffer Overflow practice?

edited May 16, 2018 in Off-topic

Hi everyone, I am new here and I am working on getting the OSCP, but I have a few things that I am struggling in. The biggest thing seems to be Buffer Overflows. Another thing I seem to be struggling with is pivoting.

Can someone point me in the right direction? Like which HTB machines have the same type of conditions for BOF and pivoting.

I would like to take the exam in like a month. Also, if anyone has any tips for not feeling overwhelmed that would be great. Thanks in advance for any responses.

Comments

  • Something to consider to help feeling less overwhelmed, burn your first exam. Ready or not, just take it.

    I'm guessing that a good portion of your overwhelmed feeling is coming from anxiety about not knowing what the exam is like, or what to expect in it. Maybe take a different approach to the exam. Think of your first attempt as less "I need to pass this" and more "I should do a trial run to see what it's like first hand".

    A retake is only $60, so not a huge barrier to overcome. After you purchase the retake, you get another 90 days to schedule it, which gives you more time to prepare and learn. Failed exams aren't recorded, and don't count against you. On the plus side, you'll be prepared for your next attempt, you'll know what to expect.


  • I know that Jail machine relies heavily on Buffer Overflows, and Grandpa relies on pivoting.

    Ippsec does a great job explaining both of these topics in his videos about these machines on YouTube.

    I think you should take the exam regardless whether you'll pass it or not. If you pass it from first try then great. If not, then you have a very clear image about the exam and direction on how to prepare for the retake.

    Wish you all the best.

  • My advice is firstly do the oscp lab buffer overflow from the pdf guide. Then do it again without the pdf guide and see if you can repeat the process. And do it again!
    Once you have the steps to do this clearly, the stack based buffer overflow won't faze you.
    There are lots of examples of vulnerable services online that you can try too (search vulnserver.exe on your search engine of choice).

  • BOF is the easiest machine in the OSCP exam; it should not take more than 1 hour.
    Focus on getting bad chars, and follow the steps below:

    Step 1 - Fuzzing
    Step 2 - Replicating the crash
    Step 3 - Generate a unique buffer
    Step 4 - Control EIP
    Step 5 - Find space (if needed)
    Step 6 - Finding bad characters
    Step 7 - mona script
    Step 8 - Shellcode
    Step 9 - Get admin shell
    Step 10 - Submit proof.txt
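The checklist above only works because of one specific coding defect in the target service. As an added illustration that is not part of any post in this thread, here is that defect in C next to a hardened version, written from the code-review side: a fixed-size stack buffer filled by an unbounded `strcpy()`, beside the same routine with an explicit length check and a bounded copy. The names `handle_vulnerable`, `handle_safe`, `try_safe`, `try_vulnerable` and `BUF_SIZE` are my own, and the inputs are constructed inside the program.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 64   /* constructed size; the real value is whatever the target allocates */

/* Vulnerable pattern: the classic stack buffer overflow.
 * strcpy() copies until it meets a NUL byte and never checks that the
 * destination can hold the input, so an input longer than BUF_SIZE - 1
 * overwrites whatever sits above 'buf' on the stack, including the
 * saved return address. That overwrite is what the "control EIP" step
 * in the list above refers to. It is kept here to show the defect and
 * is only ever called with short input in this program. */
int handle_vulnerable(const char *input)
{
    char buf[BUF_SIZE];
    strcpy(buf, input);                 /* no bounds check at all */
    return (int)strlen(buf);
}

/* Hardened version: refuse anything that does not fit, then use a
 * length-bounded copy so even a later mistake in the check cannot run
 * past the buffer. Returns the number of bytes stored, or -1 with
 * errno set to EMSGSIZE when the input is rejected. Rejecting, rather
 * than silently truncating, keeps the behaviour visible to callers and
 * to anyone reviewing the logs. */
int handle_safe(const char *input)
{
    char buf[BUF_SIZE];
    size_t len = strlen(input);

    if (len >= sizeof buf) {            /* must leave room for the terminator */
        errno = EMSGSIZE;
        return -1;
    }
    memcpy(buf, input, len);
    buf[len] = '\0';
    return (int)len;
}

/* Build a constructed input of 'n' copies of 'fill' into dst (dst must
 * hold n + 1 bytes). Used to probe the boundary at BUF_SIZE - 1. */
static void fill_input(char *dst, size_t n, char fill)
{
    memset(dst, fill, n);
    dst[n] = '\0';
}

/* Wrappers that build the input themselves so the result of each
 * handler for a given length can be checked as a plain return value. */
int try_safe(size_t n)
{
    char input[256];
    if (n >= sizeof input)
        return -2;                      /* test harness limit, not a handler result */
    fill_input(input, n, 'A');
    return handle_safe(input);
}

int try_vulnerable(size_t n)
{
    char input[256];
    if (n >= BUF_SIZE)
        return -2;                      /* never feed the unsafe handler an oversized input */
    fill_input(input, n, 'A');
    return handle_vulnerable(input);
}

int main(void)
{
    printf("safe,       %d bytes: %d\n", BUF_SIZE - 1, try_safe(BUF_SIZE - 1)); /* fits */
    printf("safe,       %d bytes: %d (rejected)\n", BUF_SIZE, try_safe(BUF_SIZE));
    printf("safe,      200 bytes: %d (rejected)\n", try_safe(200));
    printf("vulnerable,  8 bytes: %d\n", try_vulnerable(8));
    return 0;
}
```

The hardened routine is the fix a developer ships; the platform-level mitigations a defender relies on in the meantime (stack canaries via `-fstack-protector`, non-executable stacks and ASLR) turn the same bug from a reliable code-execution primitive into a crash, which is also why a fuzzing-induced crash in a service log is worth an incident ticket rather than a restart.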

  • edited May 16, 2018

    So I have done it based on > @richeze said:

    My advice is firstly do the oscp lab buffer overflow from the pdf guide. Then do it again without the pdf guide and see if you can repeat the process. And do it again!
    Once you have the steps to do this clearly, the stack based buffer overflow won't faze you.
    There are lots of examples of vulnerable services online that you can try too (search vulnserver.exe on your search engine of choice).

    So I have done that, and I feel that I have a good handle on it without instructions, but when I was watching a friend do one, it seemed like I don't know, Greek or something... maybe I am overthinking this. I do have extreme test anxiety, well just anxiety period, so every time I take one of these kinds of exams I freak out. So it could be that or I don't know. It's kind of daunting I guess.

    Anyway, I purchased the VIP package for HTB because I ran out of lab time and just feel overall unprepared. Thanks for the insight and I will look for vulnserver.exe.

    Also, thanks to everyone else that commented as well, this is all very helpful information. I appreciate it.

  • edited May 16, 2018

    What I did when I was working on the OSCP is go on exploit-db, search for old exploits that used a buffer overflow and exploit these myself. There are some FTP applications from the XP age that are especially good practice!

  • @theParadox007 said:
    Hi everyone, I am new here and I am working on getting the OSCP, but I have a few things that I am struggling in. The biggest thing seems to be Buffer Overflows. Another thing I seem to be struggling with is pivoting.

    Can someone point me in the right direction? Like which HTB machines have the same type of conditions for BOF and pivoting.

    I would like to take the exam in like a month. Also, if anyone has any tips for not feeling overwhelmed that would be great. Thanks in advance for any responses.

    Vulnserver from the greycorner will be a great help for basic stack buffer overflow practice. It's even a good tool to practice egg hunting, which you will need to know like the back of your hand for OSCE and beyond. I downloaded a lot of basic stack BOFs from exploit-db and recreated them without a template just to make sure I could smash that challenge fast.

    http://www.thegreycorner.com/2010/12/introducing-vulnserver.html

  • @theParadox007 said:
    So I have done it based on > @richeze said:

    My advice is firstly do the oscp lab buffer overflow from the pdf guide. Then do it again without the pdf guide and see if you can repeat the process. And do it again!
    Once you have the steps to do this clearly, the stack based buffer overflow won't faze you.
    There are lots of examples of vulnerable services online that you can try too (search vulnserver.exe on your search engine of choice).

    So I have done that, and I feel that I have a good handle on it without instructions, but when I was watching a friend do one, it seemed like I don't know, Greek or something... maybe I am overthinking this. I do have extreme test anxiety, well just anxiety period, so every time I take one of these kinds of exams I freak out. So it could be that or I don't know. It's kind of daunting I guess.

    Anyway, I purchased the VIP package for HTB because I ran out of lab time and just feel overall unprepared. Thanks for the insight and I will look for vulnserver.exe.

    Also, thanks to everyone else that commented as well, this is all very helpful information. I appreciate it.

    Was he doing the same kind of exploit? There's a huge variety of ways even just buffer overflows can be done.

    Frondosus

  • Brainpan on Vulnhub

  • > @wbbugs said:
    > Brainpan on Vulnhub

    +1, if you understand that one, the OSCP BOF is alike.

  • I read somewhere there is no pivot in the exam, is that right?

    peek

  • @cdf123 said:
    Something to consider to help feeling less overwhelmed, burn your first exam. Ready or not, just take it.

    I'm guessing that a good portion of your overwhelmed feeling is coming from anxiety about not knowing what the exam is like, or what to expect in it. Maybe take a different approach to the exam. Think of your first attempt as less "I need to pass this" and more "I should do a trial run to see what it's like first hand".

    A retake is only $60, so not a huge barrier to overcome. After you purchase the retake, you get another 90 days to schedule it, which gives you more time to prepare and learn. Failed exams aren't recorded, and don't count against you. On the plus side, you'll be prepared for your next attempt, you'll know what to expect.

    Yeah, that's a pretty cool idea.

  • edited May 18, 2018

    The BOF box should be the least of your worries. Make sure you understand them; you don't need to be able to do a BOF blindfolded with your hands tied behind your back. Just take good notes on the course exercise and you will be fine, the BOF is the easiest of the exam boxes.

    @peek said:
    I read somewhere there is no pivot in the exam, is that right?

    Correct, there is no pivoting in the exam.

    Also, Idk what box the person several posts above thinks he did, but Grandpa did not have any pivoting whatsoever on it.

    lowpriv

  • @lowpriv said:
    The BOF box should be the least of your worries. Make sure you understand them; you don't need to be able to do a BOF blindfolded with your hands tied behind your back. Just take good notes on the course exercise and you will be fine, the BOF is the easiest of the exam boxes.

    @peek said:
    I read somewhere there is no pivot in the exam, is that right?

    Correct, there is no pivoting in the exam.

    Also, Idk what box the person several posts above thinks he did, but Grandpa did not have any pivoting whatsoever on it.

    Sometimes this bof has extra surprises and then ... but this is beyond the non-disclosure agreement all OSCP holders made with offsec.

  • @Malfurion said:

    @theParadox007 said:
    Hi everyone, I am new here and I am working on getting the OSCP, but I have a few things that I am struggling in. The biggest thing seems to be Buffer Overflows. Another thing I seem to be struggling with is pivoting.

    Can someone point me in the right direction? Like which HTB machines have the same type of conditions for BOF and pivoting.

    I would like to take the exam in like a month. Also, if anyone has any tips for not feeling overwhelmed that would be great. Thanks in advance for any responses.

    Vulnserver from the greycorner will be a great help for basic stack buffer overflow practice. It's even a good tool to practice egg hunting, which you will need to know like the back of your hand for OSCE and beyond. I downloaded a lot of basic stack BOFs from exploit-db and recreated them without a template just to make sure I could smash that challenge fast.

    http://www.thegreycorner.com/2010/12/introducing-vulnserver.html

    Yeah, that's kind of what I am hoping to do, and eventually I do plan on doing the OSCE at some point in the future as my work has a pretty good CE program.

    Also, thanks for the link.

  • @Frondosus said:

    @theParadox007 said:
    So I have done it based on > @richeze said:

    My advice is firstly do the oscp lab buffer overflow from the pdf guide. Then do it again without the pdf guide and see if you can repeat the process. And do it again!
    Once you have the steps to do this clearly, the stack based buffer overflow won't faze you.
    There are lots of examples of vulnerable services online that you can try too (search vulnserver.exe on your search engine of choice).

    So I have done that, and I feel that I have a good handle on it without instructions, but when I was watching a friend do one, it seemed like I don't know, Greek or something... maybe I am overthinking this. I do have extreme test anxiety, well just anxiety period, so every time I take one of these kinds of exams I freak out. So it could be that or I don't know. It's kind of daunting I guess.

    Anyway, I purchased the VIP package for HTB because I ran out of lab time and just feel overall unprepared. Thanks for the insight and I will look for vulnserver.exe.

    Also, thanks to everyone else that commented as well, this is all very helpful information. I appreciate it.

    Was he doing the same kind of exploit? There's a huge variety of ways even just buffer overflows can be done.

    I think it was a far more complex version of a BOF and he was going so fast I was like... lol what? So that could have just been on me not understanding exactly what he was doing, and because I am me, it shook my confidence in understanding. So, I just want to make sure that I am not going to have issues during the exam.

    Thanks for the input, I do appreciate it.

  • @cdf123 said:
    Something to consider to help feeling less overwhelmed, burn your first exam. Ready or not, just take it.

    I'm guessing that a good portion of your overwhelmed feeling is coming from anxiety about not knowing what the exam is like, or what to expect in it. Maybe take a different approach to the exam. Think of your first attempt as less "I need to pass this" and more "I should do a trial run to see what it's like first hand".

    A retake is only $60, so not a huge barrier to overcome. After you purchase the retake, you get another 90 days to schedule it, which gives you more time to prepare and learn. Failed exams aren't recorded, and don't count against you. On the plus side, you'll be prepared for your next attempt, you'll know what to expect.

    100% agree. Just took and passed my OSCP and I did my first attempt with the mindset that I had to just get the 'unknown' taken care of.

  • edited May 19, 2018

    @theParadox007 said:

    @Malfurion said:

    @theParadox007 said:
    Hi everyone, I am new here and I am working on getting the OSCP, but I have a few things that I am struggling in. The biggest thing seems to be Buffer Overflows. Another thing I seem to be struggling with is pivoting.

    Can someone point me in the right direction? Like which HTB machines have the same type of conditions for BOF and pivoting.

    I would like to take the exam in like a month. Also, if anyone has any tips for not feeling overwhelmed that would be great. Thanks in advance for any responses.

    Vulnserver from the greycorner will be a great help for basic stack buffer overflow practice. It's even a good tool to practice egg hunting, which you will need to know like the back of your hand for OSCE and beyond. I downloaded a lot of basic stack BOFs from exploit-db and recreated them without a template just to make sure I could smash that challenge fast.

    http://www.thegreycorner.com/2010/12/introducing-vulnserver.html

    Yeah, that's kind of what I am hoping to do, and eventually I do plan on doing the OSCE at some point in the future as my work has a pretty good CE program.

    Also, thanks for the link.

    No probs mate. Also, Hacksysteam have a vulnerable kernel driver which is similar to vulnserver but for kernel exploits. Kinda way out of the league for OSCP/E but still great fun to play with. I just don't like windbg so I need to learn to love it coz there's nothing better lol.

  • I found this really helpful: https://github.com/justinsteven/dostackbufferoverflowgood

    I agree with others BOF is the easiest box in the exam.

    plackyhacker

  • @plackyhacker said:
    I found this really helpful: https://github.com/justinsteven/dostackbufferoverflowgood

    I agree with others BOF is the easiest box in the exam.

    +1 this guide. This is how I learned how to do a stack based buffer overflow. It's very thorough; I read every word of this guide, completed the challenge, then tried the vulnserver app & it made so much sense.

  • @onlyamedic said:

    @plackyhacker said:
    I found this really helpful: https://github.com/justinsteven/dostackbufferoverflowgood

    I agree with others BOF is the easiest box in the exam.

    +1 this guide. This is how I learned how to do a stack based buffer overflow. It's very thorough; I read every word of this guide, completed the challenge, then tried the vulnserver app & it made so much sense.

    I also found the examples given in this blog entry good practice: https://www.vortex.id.au/2017/05/pwkoscp-stack-buffer-overflow-practice/

    plackyhacker

  • For me the best way is reading "Smashing the Stack for Fun and Profit".
    This paper is the holy bible of BOF.

    After that, smashthestack or Exploit Exercises give you good practice, step by step, to break a piece of software with BOF.

    Another VM where you can have fun is Kioptrix 1.2, where you have a good example of BOF.

    Here are some links:

    https://exploit-exercises.com/
    http://smashthestack.org/wargames.html
    https://travisf.net/smashing-the-stack-today

    SmashTheTux is a good VM too:
    https://www.vulnhub.com/entry/smashthetux-101,138/

    Jugulairel

  • Awesome! Thanks guys. I took some of your advice and took the exam... I did not do well at all, but I did learn that my anxiety does make me do really stupid stuff (like set the LHOST as the RHOST), so I need to work on that.

    I do appreciate the links and information given, I will take a look and read up on my weak areas. Thanks again, all!
