@skk – even I struggled with the buffer overflow material of OSCP and wasted most of my lab time.
I finally managed to figure it out when I tested it in my own lab and got a shell on the victim machine. Hence my suggestion, move on with the rest of the course and do not waste your lab time on buffer overflow exploitation. Once your lab time is up, you can focus on testing it locally.
After you get a feel for how a basic stack overflow works, go to exploit-db and recreate as many exploits as possible. Meaning, down load the vulnerable software, try to find the bug your self and recreate the exploit. It’s the best practice you can get.
I also highly recommend downloading “Freefloat FTP Server” there are a hundred buffer overflows in it and its a fantastic way to practice.
Viewing 4 reply threads
You must be logged in to reply to this topic.
– EH-Net Live!Thurs Oct 29 @ 1:00 PM US ET. Details Coming Soon!