OSCP – Module 6 Buffer Overflows Question

This topic contains 10 replies, has 5 voices, and was last updated by  esojzuir 6 years, 8 months ago.

  • Author
    Posts
  • #8291
     esojzuir 
    Participant

    Hi… can anyone help me out here? For the OSCP exam do you use only the regular overflow or do you need to know SEH stack based overflows???

    Thanks in advance

  • #52221
     Dark_Knight 
    Participant

    Well we are not allowed to discuss the details of the exam. However, what I will say is this. Make sure you understand the course material.

  • #52222
     KrisTeason 
    Participant

    I’ll ++1 to what Dark_Knight said. Be sure that you know all of the course material comfortably before you attempt the examination. The best way to gear for this is practice, practice, practice! I recommend doing the Extra Mile Exercises also to make yourself more familiar.

  • #52223
     esojzuir 
    Participant

    Well, regarding the material, I was able to get the Windows sample on the module plus additional exercises from Vivek (MiniShare, FreeSSH, Easy Chat – SEH based) plus Stephen Bradshaw's material on InfoSec Institute. Right now I can do these types of overflows in a really consistent manner, plus a few others taken from Exploit-DB that are not in the form of tutorials, but I was able to adapt them to fit both Vivek's and Stephen's methodologies.

  • #52224
     Phillip Wylie 
    Participant

    Try harder! 😉

  • #52225
     esojzuir 
    Participant

    @r0ckm4n wrote:

    Try harder! 😉

    I will!!!!! 🙂

  • #52226
     Phillip Wylie 
    Participant

    @esojzuir wrote:

    @r0ckm4n wrote:

    Try harder! 😉

    I will!!!!! 🙂

    In the spirit of Offensive Security, I had to do it.

  • #52227
     superkojiman 
    Participant

    @esojzuir wrote:

    Well, regarding the material, I was able to get the Windows sample on the module plus additional exercises from Vivek (MiniShare, FreeSSH, Easy Chat – SEH based) plus Stephen Bradshaw's material on InfoSec Institute. Right now I can do these types of overflows in a really consistent manner, plus a few others taken from Exploit-DB that are not in the form of tutorials, but I was able to adapt them to fit both Vivek's and Stephen's methodologies.

    Sounds like you’re ready. If you want more practice, search for buffer overflows at Exploit-DB. In some cases, the vulnerable software is included so you can download it and recreate the exploit.

  • #52228
     esojzuir 
    Participant

    @superkojiman wrote:

    @esojzuir wrote:

    Well, regarding the material, I was able to get the Windows sample on the module plus additional exercises from Vivek (MiniShare, FreeSSH, Easy Chat – SEH based) plus Stephen Bradshaw's material on InfoSec Institute. Right now I can do these types of overflows in a really consistent manner, plus a few others taken from Exploit-DB that are not in the form of tutorials, but I was able to adapt them to fit both Vivek's and Stephen's methodologies.

    Sounds like you’re ready. If you want more practice, search for buffer overflows at Exploit-DB. In some cases, the vulnerable software is included so you can download it and recreate the exploit.

    Hey! I checked your website and you have awesome material! One question regarding your pivoting series: if I want to recreate your setup, do I have to use a GNS3 setup or can I use, say, a 2003 server with RRAS configured to act as a router? I think these tutorials are great to avoid using Metasploit for pivoting on the exam, in case you need to pivot, and maybe save the opportunity to use it for a harder machine! Thanks again for your amazing website!

  • #52229
     superkojiman 
    Participant

    @esojzuir wrote:

    @superkojiman wrote:

    @esojzuir wrote:

    Well, regarding the material, I was able to get the Windows sample on the module plus additional exercises from Vivek (MiniShare, FreeSSH, Easy Chat – SEH based) plus Stephen Bradshaw's material on InfoSec Institute. Right now I can do these types of overflows in a really consistent manner, plus a few others taken from Exploit-DB that are not in the form of tutorials, but I was able to adapt them to fit both Vivek's and Stephen's methodologies.

    Sounds like you’re ready. If you want more practice, search for buffer overflows at Exploit-DB. In some cases, the vulnerable software is included so you can download it and recreate the exploit.

    Hey! I checked your website and you have awesome material! One question regarding your pivoting series: if I want to recreate your setup, do I have to use a GNS3 setup or can I use, say, a 2003 server with RRAS configured to act as a router? I think these tutorials are great to avoid using Metasploit for pivoting on the exam, in case you need to pivot, and maybe save the opportunity to use it for a harder machine! Thanks again for your amazing website!

    You can use whatever setup you want really. The main thing is your pivot point (in my case the web server) has access to both networks and your attacking machine only has access to the web server. Glad you found the articles useful. 🙂

  • #52230
     esojzuir 
    Participant

    Really useful, I’m exploring your site since Monday!!!!! Thanks!!!!
