Buffer Overflow Script: BunnyOverflow
I recently took a stab at the OSCP exam. Unfortunately, I was unsuccessful in my attempt. However, I did not want the experience to go to waste. While I was preparing for the OSCP, I started working on buffer overflow attacks. I thought to myself that there had to be a way to automate portions of the procedure.
With that, I went to work on a script that would help speed up the process of creating a Windows stack-based buffer overflow.
Below is a simple demonstration of the script I created. It is called BunnyOverflow. I hope that this is useful to someone. If you have any suggestions on how to make the script better, feel free to let me know.
Buffer Overflow Code
This video introduces two different projects that I have been working on. The first is the BunnyOverflow script, and the second is a C# application called Find BadChars.
This C# application is meant to be used in conjunction with the python script. It simply takes the output of the Immunity debugger and detects bad characters in the shellcode.
You will find that I have created a link in the readme on the Find BadChars GitHub page. This link will allow you to directly download the executable so you do not have to download the entire project and manually compile it yourself.
You can access the BunnyOverflow script as well as the Bad Characters Finder shown in the video, on my GitHub, using the links below.
Demonstration
Now, without further ado, here is the demonstration.
While this script may have a limited audience, I am hoping that someone will find it useful. There are opportunities to expand on the script. For example, adding support for various terminal emulators, or more advanced buffer overflow features.
If you have suggestions, feel free to leave a comment below, on the video, or email me directly at matthew@hierthinking.com