OSCP Buffer Overflow practice?

I found this really helpful: GitHub - justinsteven/dostackbufferoverflowgood

I agree with others BOF is the easiest box in the exam.

@plackyhacker said:
I found this really helpful: GitHub - justinsteven/dostackbufferoverflowgood

I agree with others BOF is the easiest box in the exam.

+1 this guide. This is how I learned how to stack based buffer overflow. It’s very thorough, I read every word of this guide, completed the challenge then tried the vulnserver app & it made so much sense.

@onlyamedic said:

@plackyhacker said:
I found this really helpful: GitHub - justinsteven/dostackbufferoverflowgood

I agree with others BOF is the easiest box in the exam.

+1 this guide. This is how I learned how to stack based buffer overflow. It’s very thorough, I read every word of this guide, completed the challenge then tried the vulnserver app & it made so much sense.

I also found the examples given in this blog entry good practice: https://www.vortex.id.au/2017/05/pwkoscp-stack-buffer-overflow-practice/

For me the best way to do is reading “smashing the stack for fun and profit”.
This paper is the holy bible of BOF.

After that, smashthestack or Exploit exercises give you a good practice step by step to break a piece of sofware with BOF.

Another VM where you can have fun is kioptrix 1.2 where you have a good exemple of BOF.

Here is some links :

https://exploit-exercises.com/
http://smashthestack.org/wargames.html
https://travisf.net/smashing-the-stack-today

SmashTheTux is a good VM too :

Awesome! Thanks guys. I took some of your advice and took the exam… i did not do well at all, but i did learn that my anxiety does make me do really stupid stuff (like set the LHOST as the RHOST) so I need to work on that.

I do appreciate the links and information given, I will take a look and read up on my weak areas. Thanks again, all!

Is the BoF in the exam similar to something like Chatterbox where you have to identify the service, then simply rewrite the shellcode of a pre-existing exploit script? Or do they expect you to write your own from scratch or something?

Write your own from scratch. It’s simple compared to some of the binary exploitation you will face on htb, and it’s completely covered in the course work.

@midi said:
Is the BoF in the exam similar to something like Chatterbox where you have to identify the service, then simply rewrite the shellcode of a pre-existing exploit script? Or do they expect you to write your own from scratch or something?

+1 Can any one please answer to this ?

@osama123 said:

@midi said:
Is the BoF in the exam similar to something like Chatterbox where you have to identify the service, then simply rewrite the shellcode of a pre-existing exploit script? Or do they expect you to write your own from scratch or something?

+1 Can any one please answer to this ?

You write it from scratch as they show you in the training material…

sneaky was a nice basic bof too and october

you can try Buffer Overflows Made Easy - Part 1: Introduction - YouTube as a learning material.
And for practice GitHub - freddiebarrsmith/Buffer-Overflow-Exploit-Development-Practice: Good For OSCP Training

Oh man… BOF wise I would check out Ellingson… Get through that and you should have no problem with the BOF on the exam.
As for pivoting, I’m currently on Ghoul and theres so serious pivoting going on. Spent a day just learning about it to be able to do it correctly.

Try out Bighead

on the exam pay attention to the .dll you select while looking for jmp esp

@TheJ0k3r said:
on the exam pay attention to the .dll you select while looking for jmp esp

BOF itself is really easy on OSCP, but sometimes it is not that simple to get shell back from BOF machine, because it is other factors that not letting you do that.

@3mrgnc3 said:
Try out Bighead

Bighead is more for OSCE, as you have to use an egghunter + you have to dig through the code to find it, so its much more complicated than the simple BOF used in OSCP…

But it is one of the few HTB machines that you can use for OSCE practice, and a nice machine BTW, so thanks :slight_smile:

You are very welcome @21y4d
I intended it as OSCE practice for people.
??

Guys I have a doubt , in oscp do we get a machine like BRAINPAN with simple BOF or some kinda machines with ASLR bypass??

Type your comment> @3mrgnc3 said:

Try out Bighead

Shameless :wink: I see you.

I have written a small writeup for vulnserver which might help you in OSCP exam.
Here is the link for that: