.

OSCP - Module 6 Buffer Overflows Question

<<

esojzuir

User avatar

Newbie
Newbie

Posts: 37

Joined: Mon May 02, 2011 9:41 pm

Post Tue Mar 12, 2013 5:14 pm

OSCP - Module 6 Buffer Overflows Question

Hi... can anyone help me out here? For the OSCP exam do you use only the regular overflow or do you need to know SEH stack based overflows???

Thanks in advance
Last edited by esojzuir on Tue Mar 12, 2013 5:21 pm, edited 1 time in total.
<<

Dark_Knight

User avatar

Sr. Member
Sr. Member

Posts: 294

Joined: Mon Aug 11, 2008 7:03 pm

Post Tue Mar 12, 2013 6:26 pm

Re: OSCP - Module 6 Buffer Overflows Question

Well we are not allowed to discuss the details of the exam. However, what I will say is this. Make sure you understand the course material.
Last edited by Dark_Knight on Tue Mar 12, 2013 6:28 pm, edited 1 time in total.
CEH, OSCP, GPEN, GWAPT, GCIA
http://sector876.blogspot.com
<<

KrisTeason

User avatar

Hero Member
Hero Member

Posts: 515

Joined: Sat Sep 08, 2007 7:48 pm

Location: /dev/null

Post Tue Mar 12, 2013 6:28 pm

Re: OSCP - Module 6 Buffer Overflows Question

I'll ++1 to what Dark_Knight said. Be sure that you know all of the course material comfortably before you attempt the examination. The best way to gear for this is practice, practice, practice! I recommend doing the Extra Mile Exercises also to make yourself more familiar.
eCPPT (Silver/Gold), eWPT, GSEC, GISP, GCIH, OSCP, OSWP
<<

esojzuir

User avatar

Newbie
Newbie

Posts: 37

Joined: Mon May 02, 2011 9:41 pm

Post Tue Mar 12, 2013 7:07 pm

Re: OSCP - Module 6 Buffer Overflows Question

Well regarding the material, I was able to get the windows sample on the module plus aditional excercises from Vivek (mini share, FreeSSH, Easy Chat - SEH Based) plus Stephen Bradshaw material on info sec institute. Right now I can do this type of overflows in a really consistent manner plus a few others taken from the exploit DB that are not in the form of tutorials but I was able to adapt them to fit both Vivek and Stephen methodologies.
Last edited by esojzuir on Tue Mar 12, 2013 7:18 pm, edited 1 time in total.
<<

rockman

Full Member
Full Member

Posts: 104

Joined: Sun Apr 06, 2008 12:38 pm

Post Tue Mar 12, 2013 7:12 pm

Re: OSCP - Module 6 Buffer Overflows Question

Try harder!  ;)
CISSP, IAM, working on OSCP
<<

esojzuir

User avatar

Newbie
Newbie

Posts: 37

Joined: Mon May 02, 2011 9:41 pm

Post Tue Mar 12, 2013 7:19 pm

Re: OSCP - Module 6 Buffer Overflows Question

r0ckm4n wrote:Try harder!  ;)


I will!!!!! :)
<<

rockman

Full Member
Full Member

Posts: 104

Joined: Sun Apr 06, 2008 12:38 pm

Post Tue Mar 12, 2013 7:22 pm

Re: OSCP - Module 6 Buffer Overflows Question

esojzuir wrote:
r0ckm4n wrote:Try harder!  ;)


I will!!!!! :)


I the spirit of Offensive Security, I had to do it.
CISSP, IAM, working on OSCP
<<

superkojiman

User avatar

Jr. Member
Jr. Member

Posts: 81

Joined: Thu Sep 20, 2012 9:42 pm

Post Tue Mar 12, 2013 11:33 pm

Re: OSCP - Module 6 Buffer Overflows Question

esojzuir wrote:Well regarding the material, I was able to get the windows sample on the module plus aditional excercises from Vivek (mini share, FreeSSH, Easy Chat - SEH Based) plus Stephen Bradshaw material on info sec institute. Right now I can do this type of overflows in a really consistent manner plus a few others taken from the exploit DB that are not in the form of tutorials but I was able to adapt them to fit both Vivek and Stephen methodologies.


Sounds like you're ready. If you want more practice,  search for buffer overflows at Exploit-DB. In some cases, the vulnerable software is included so you can download it and recreate the exploit.
OSCP + OSCE
<<

esojzuir

User avatar

Newbie
Newbie

Posts: 37

Joined: Mon May 02, 2011 9:41 pm

Post Wed Mar 13, 2013 5:35 am

Re: OSCP - Module 6 Buffer Overflows Question

superkojiman wrote:
esojzuir wrote:Well regarding the material, I was able to get the windows sample on the module plus aditional excercises from Vivek (mini share, FreeSSH, Easy Chat - SEH Based) plus Stephen Bradshaw material on info sec institute. Right now I can do this type of overflows in a really consistent manner plus a few others taken from the exploit DB that are not in the form of tutorials but I was able to adapt them to fit both Vivek and Stephen methodologies.


Sounds like you're ready. If you want more practice,  search for buffer overflows at Exploit-DB. In some cases, the vulnerable software is included so you can download it and recreate the exploit.


Hey! I checked your website and you have awesome material! One question regarding your pivoting series. if I want to recreate your setup do I have to use a GNS3 setup or can I use, say a 2003 server with RRAS configured to act as a router? I think this tutorials are great to avoid using metasploit for pivoting on the exam, in case you need to pivot, and maybe save the opportunity to use it for a harder machine! Thanks again for your amazing website!
Last edited by esojzuir on Wed Mar 13, 2013 9:13 am, edited 1 time in total.
<<

superkojiman

User avatar

Jr. Member
Jr. Member

Posts: 81

Joined: Thu Sep 20, 2012 9:42 pm

Post Wed Mar 13, 2013 10:04 am

Re: OSCP - Module 6 Buffer Overflows Question

esojzuir wrote:
superkojiman wrote:
esojzuir wrote:Well regarding the material, I was able to get the windows sample on the module plus aditional excercises from Vivek (mini share, FreeSSH, Easy Chat - SEH Based) plus Stephen Bradshaw material on info sec institute. Right now I can do this type of overflows in a really consistent manner plus a few others taken from the exploit DB that are not in the form of tutorials but I was able to adapt them to fit both Vivek and Stephen methodologies.


Sounds like you're ready. If you want more practice,  search for buffer overflows at Exploit-DB. In some cases, the vulnerable software is included so you can download it and recreate the exploit.


Hey! I checked your website and you have awesome material! One question regarding your pivoting series. if I want to recreate your setup do I have to use a GNS3 setup or can I use, say a 2003 server with RRAS configured to act as a router? I think this tutorials are great to avoid using metasploit for pivoting on the exam, in case you need to pivot, and maybe save the opportunity to use it for a harder machine! Thanks again for your amazing website!


You can use whatever setup you want really. The main thing is your pivot point (in my case the web server) has access to both networks and your attacking machine only has access to the web server. Glad you found the articles useful. :)
OSCP + OSCE
<<

esojzuir

User avatar

Newbie
Newbie

Posts: 37

Joined: Mon May 02, 2011 9:41 pm

Post Wed Mar 13, 2013 12:11 pm

Re: OSCP - Module 6 Buffer Overflows Question

Really useful, I'm exploring your site since Monday!!!!! Thanks!!!!
Last edited by esojzuir on Wed Mar 13, 2013 12:13 pm, edited 1 time in total.

Return to OSCP - Offensive Security Certified Professional

Who is online

Users browsing this forum: No registered users and 0 guests

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software