@DeepinX said:
I need to ask a few questions about BOF in general. For some reason I have never heard of someone not being able to get the BOF in the exam, but I could not get it when I did the exam.
So what I wanted is for someone to point me to a guide that could help. I have done the SLmail BOF more than 6 times already with no problems. So is there an encoder I should look at other than msfvenom for BOF, or am I missing something stupid? Please don’t “over share” as I don’t want to lose the cert before I even get it xD
I will be doing the exam on Monday and this will be my second time.
If you follow the PDF, you should be good. Keep to the following process:
- Finding the buffer length, make sure you can overflow EIP
- Finding bad characters is important, you’ll have to do this for the BO
- Use an appropriate amount of NOPs
- Try first with calc.exe instead of a (reverse) shell
I’ve spent a lot of time on the BO during my OSCP exam. At the end I decided to RTFM and noticed I forgot the NOPs. After a facepalm and including some \x90’s, it worked flawlessly.
Other subject: “HTB” is harder than “OSCP” - in my opinion, overall the machines on HTB require some more digging than the average OSCP machine. I find both environments challenging and most of all: a lot of fun!
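An added helper for checking the first two steps in the reply above (it is not code from this thread or from the course material): it builds a pattern_create-style cyclic pattern and recovers the EIP offset from the register value seen in the debugger, and it diffs a bad-character probe against the bytes copied back out of memory, reporting both mangled bytes and the byte at which the dump was cut short. All inputs in the test are constructed.

```python
"""Sanity checks for the buffer-length and bad-character steps of a stack BOF."""
from itertools import product
import string


def cyclic_pattern(length: int) -> bytes:
    """Non-repeating Aa0Aa1Aa2... pattern (same layout as Metasploit's pattern_create)."""
    out = bytearray()
    for up, low, dig in product(string.ascii_uppercase, string.ascii_lowercase, string.digits):
        out += f"{up}{low}{dig}".encode()
        if len(out) >= length:
            return bytes(out[:length])
    raise ValueError("pattern longer than 20280 bytes would repeat")


def eip_offset(pattern: bytes, eip_value: int) -> int:
    """Offset of the 4 pattern bytes that landed in EIP.

    eip_value is the register as shown by the debugger (e.g. 0x39694438);
    x86 is little-endian, so the bytes in memory are the reverse of that.
    """
    needle = eip_value.to_bytes(4, "little")
    idx = pattern.find(needle)
    if idx < 0:
        raise ValueError("EIP value does not occur in the pattern")
    return idx


def badchar_probe(exclude: bytes = b"") -> bytes:
    """\\x01..\\xff with already-known bad bytes left out (\\x00 is assumed bad)."""
    return bytes(b for b in range(1, 256) if b not in exclude)


def compare_badchars(sent: bytes, dumped: bytes) -> dict:
    """Diff the probe against the memory dump copied from the debugger.

    'mangled'      : bytes that arrived changed (e.g. 0x0d turned into 0x0a)
    'truncated_at' : first byte missing from the dump, i.e. the byte that
                     terminated the input early (often 0x00 or 0x0a), or None
    """
    common = min(len(sent), len(dumped))
    mangled = [sent[i] for i in range(common) if sent[i] != dumped[i]]
    truncated_at = sent[len(dumped)] if len(dumped) < len(sent) else None
    return {"mangled": mangled, "truncated_at": truncated_at}
```

Run compare_badchars once per round, adding each byte it reports to `exclude`, until the dump matches the probe exactly.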