book

Kali Linux Penetration Testing Bible

by Gus Khawaja

June 2021

Intermediate to advanced

512 pages

11h 12m

English

Wiley

Read now

Unlock full access

What Does This Book Cover?Companion Download FilesHow to Contact the PublisherHow to Contact the Author
Kali Linux File SystemManaging Users and Groups in KaliFiles and Folders Management in Kali LinuxRemote Connections in KaliKali Linux System ManagementNetworking in Kali LinuxSummary
Basic Bash ScriptingPrinting to the Screen in BashVariablesScript ParametersUser InputFunctionsConditions and LoopsSummary
Basics of NetworkingNetwork ScanningDNS EnumerationSummary
Passive Footprinting and ReconnaissanceSummary
Spear Phishing AttacksPayloads and ListenersSocial Engineering with the USB Rubber DuckySummary
Transfer ProtocolsE‐mail ProtocolsDatabase ProtocolsCI/CD ProtocolsWeb Protocols 80/443Graphical Remoting ProtocolsFile Sharing ProtocolsSummary
Vulnerabilities AssessmentServices ExploitationSummary

Web Application VulnerabilitiesSummary
Web Enumeration and ExploitationSecure Software Development LifecycleSummary
Introduction to Kernel Exploits and Missing ConfigurationsKernel ExploitsSUID ExploitationOverriding the Passwd Users FileCRON Jobs Privilege EscalationsudoersExploiting Running ServicesAutomated ScriptsSummary
Windows System EnumerationFile TransfersWindows System ExploitationSummary
Dumping Windows HashesPivoting with Port RedirectionSummary
Basics of CryptographyCracking Secrets with HashcatSummary
Overview of Reports in Penetration TestingScoring SeveritiesReport PresentationSummary
CPU RegistersAssembly InstructionsData TypesMemory SegmentsAddressing ModesReverse Engineering ExampleSummary
Basics of Stack OverflowStack Overflow ExploitationSummary
Basics of PythonRunning Python ScriptsDebugging Python ScriptsPracticing PythonPython Basic SyntaxesVariablesMore Techniques in PythonSummary
Penetration Test RobotSummary
Downloading and Running a VM of Kali LinuxKali Xfce DesktopSummary
Docker TechnologySummary

Content preview from Kali Linux Penetration Testing Bible

CHAPTER 16Buffer/Stack Overflow

In the previous chapter, you learned about the assembly instructions. After that, you saw how to use Immunity Debugger to visualize the internal instructions of a program (aka reverse engineering). This chapter will use what you have learned previously to exploit the stack using the buffer overflow technique. Before starting, you should already understand the basics of the assembly language instructions and should have practiced the examples in the previous chapter.

The topics that you will learn about in this chapter include the following:

Basics of the stack
How to exploit the stack
The workflow to achieve a buffer overflow

Basics of Stack Overflow

Now that you understand reverse engineering fundamentals, it’s time to start with something more meaningful to exploitation. In this section, we will see how to smash the stack with our hacking skills. We will outsmart the CPU and the regular stack manipulation to achieve our exploitation goals.

Stack Overview

Long story short, a stack is used to allocate short‐term storage for function parameters and local variables of that function. It’s important to know that a new stack is created every time we run a function. The size of the stack frame is fixed after the creation using the prologue instructions, and the stack frame is deleted at the end of the function (see Figure 16.1).