OSCP – Module 6 Buffer Overflows Question

Viewing 10 reply threads
  • Author
    Posts
    • #8291
      esojzuir
      Participant

      Hi… can anyone help me out here? For the OSCP exam do you use only the regular overflow or do you need to know SEH stack based overflows???

      Thanks in advance

    • #52221
      Dark_Knight
      Participant

      Well we are not allowed to discuss the details of the exam. However, what I will say is this. Make sure you understand the course material.

    • #52222
      KrisTeason
      Participant

      I’ll ++1 to what Dark_Knight said. Be sure that you know all of the course material comfortably before you attempt the examination. The best way to gear for this is practice, practice, practice! I recommend doing the Extra Mile Exercises also to make yourself more familiar.

    • #52223
      esojzuir
      Participant

      Well, regarding the material, I was able to get the Windows sample on the module plus additional exercises from Vivek (mini share, FreeSSH, Easy Chat – SEH Based) plus Stephen Bradshaw material on InfoSec Institute. Right now I can do these types of overflows in a really consistent manner, plus a few others taken from Exploit-DB that are not in the form of tutorials, but I was able to adapt them to fit both Vivek's and Stephen's methodologies.

    • #52224
      Phillip Wylie
      Participant

      Try harder!  😉

    • #52225
      esojzuir
      Participant

      @r0ckm4n wrote:

      Try harder!  😉

      I will!!!!! 🙂

    • #52226
      Phillip Wylie
      Participant

      @esojzuir wrote:

      @r0ckm4n wrote:

      Try harder!  😉

      I will!!!!! 🙂

      In the spirit of Offensive Security, I had to do it.

    • #52227
      superkojiman
      Participant

      @esojzuir wrote:

      Well, regarding the material, I was able to get the Windows sample on the module plus additional exercises from Vivek (mini share, FreeSSH, Easy Chat – SEH Based) plus Stephen Bradshaw material on InfoSec Institute. Right now I can do these types of overflows in a really consistent manner, plus a few others taken from Exploit-DB that are not in the form of tutorials, but I was able to adapt them to fit both Vivek's and Stephen's methodologies.

      Sounds like you’re ready. If you want more practice, search for buffer overflows at Exploit-DB. In some cases, the vulnerable software is included so you can download it and recreate the exploit.

    • #52228
      esojzuir
      Participant

      @superkojiman wrote:

      @esojzuir wrote:

      Well, regarding the material, I was able to get the Windows sample on the module plus additional exercises from Vivek (mini share, FreeSSH, Easy Chat – SEH Based) plus Stephen Bradshaw material on InfoSec Institute. Right now I can do these types of overflows in a really consistent manner, plus a few others taken from Exploit-DB that are not in the form of tutorials, but I was able to adapt them to fit both Vivek's and Stephen's methodologies.

      Sounds like you’re ready. If you want more practice, search for buffer overflows at Exploit-DB. In some cases, the vulnerable software is included so you can download it and recreate the exploit.

      Hey! I checked your website and you have awesome material! One question regarding your pivoting series: if I want to recreate your setup, do I have to use a GNS3 setup or can I use, say, a 2003 server with RRAS configured to act as a router? I think these tutorials are great to avoid using Metasploit for pivoting on the exam, in case you need to pivot, and maybe save the opportunity to use it for a harder machine! Thanks again for your amazing website!

    • #52229
      superkojiman
      Participant

      @esojzuir wrote:

      @superkojiman wrote:

      @esojzuir wrote:

      Well, regarding the material, I was able to get the Windows sample on the module plus additional exercises from Vivek (mini share, FreeSSH, Easy Chat – SEH Based) plus Stephen Bradshaw material on InfoSec Institute. Right now I can do these types of overflows in a really consistent manner, plus a few others taken from Exploit-DB that are not in the form of tutorials, but I was able to adapt them to fit both Vivek's and Stephen's methodologies.

      Sounds like you’re ready. If you want more practice, search for buffer overflows at Exploit-DB. In some cases, the vulnerable software is included so you can download it and recreate the exploit.

      Hey! I checked your website and you have awesome material! One question regarding your pivoting series: if I want to recreate your setup, do I have to use a GNS3 setup or can I use, say, a 2003 server with RRAS configured to act as a router? I think these tutorials are great to avoid using Metasploit for pivoting on the exam, in case you need to pivot, and maybe save the opportunity to use it for a harder machine! Thanks again for your amazing website!

      You can use whatever setup you want really. The main thing is your pivot point (in my case the web server) has access to both networks and your attacking machine only has access to the web server. Glad you found the articles useful. 🙂

    • #52230
      esojzuir
      Participant

      Really useful, I’ve been exploring your site since Monday!!!!! Thanks!!!!


Copyright ©2020 Caendra, Inc.
