Introduction

Steps

  • Spiking (Find a vulnerable part of a program)

  • Fuzzing (Send a bunch of characters to the program and see if we can break it)

  • Finding the offset (Find the exact part that our program is breaking)

  • Overwrite the EIP (Set what next instruction is executed)

  • Finding the right module to jump to ESP

  • Finding bad characters (Avoid that our exploitation breaks the program)

  • Generating Shellcode (Create malicious code to be executed in program)

Be inside!!

Attach tasks in Immunity Debugger

  1. Download here: https://debugger.immunityinc.com/ID_register.py

  2. Install it

  3. Open it as Administrator

  4. Menu part:

    1. File

    2. Attach (or Ctrl + F1)

    3. Select the process to attach

    4. Clic on Attach

    5. Bottom right part, we see Paused, clic menu in ▶️ button. Now bottom we se Running.

    6. That's it

PreviousStack-BasedNextSpiking

Last updated