Gary Jones

Buffer Overflow Exploitation in Brian’s Service

Buffer Overflow Exploitation in Brian’s Service Report


Situation:

This exercise focused on identifying and exploiting a buffer overflow vulnerability in the custom waste? service running on www.artstailor.com. The goal was to gain shell access by manually fuzz-testing the service and then confirming the cause of the issue in the program's source code.


Obstacles:

  1. Undocumented Service: The waste? service on port 1337 was unrecognized, requiring additional analysis to determine its behavior.
  2. Manual Exploitation: Achieving the buffer overflow and understanding its effect on command execution involved trial and error.
  3. Privilege Restriction: The exploit only provided access as user brian, with no administrative privileges.

Actions Taken:

  1. Service Discovery:
    • Conducted a full TCP port scan using nmap -p0-65535 -sV www.artstailor.com to identify the custom waste? service on port 1337.
  2. Service Interaction:
    • Used netcat to connect to port 1337 and observed the login prompts and available commands.
  3. Buffer Overflow Exploitation:
    • Performed fuzz testing by inputting strings longer than 16 characters, causing the overflow.
    • Inserted the payload !/bin/bash to overwrite commands and gain a bash shell.
  4. Source Code Analysis:
    • Located the source code of the waste? service in brian’s home directory.
    • Identified the vulnerability in the line fgets(admin, BUFLEN, stdin); which allowed up to 1024 characters to be read into a 16-character buffer.
  5. Key Retrieval:
    • Navigated the file system after gaining shell access and retrieved the ninth encryption key: KEY009-=l5\x02&5#\x12s7\x04*3\x08˜thh\x0633 zz.
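The fix for the read described in step 4 is to bound fgets by the real size of the destination buffer and to handle lines that do not fit, rather than trusting an oversized BUFLEN. The following C is an added example, not the waste? service's own source (which the report does not reproduce); it assumes a 16-byte admin buffer, and the names read_field, login_result and command_after_login are hypothetical. Constructed input is fed through fmemopen so it runs offline.

```c
#define _POSIX_C_SOURCE 200809L   /* for fmemopen */
#include <stdio.h>
#include <string.h>

#define ADMIN_LEN 16   /* capacity of the admin buffer in the report */
/* Defect the report describes, shown only as a comment and not compiled:
 *     char admin[ADMIN_LEN];  fgets(admin, BUFLEN, stdin);   // BUFLEN == 1024
 * fgets trusts its length argument, so bytes 16..1023 land past the buffer. */

/* Read one line into buf (capacity cap). Returns 1 if the whole line fit,
 * -1 if it was longer than cap-1 bytes (the excess is discarded so it cannot
 * be consumed later as a separate command), 0 on EOF or error. */
int read_field(FILE *in, char *buf, size_t cap)
{
    if (cap == 0 || fgets(buf, (int)cap, in) == NULL)
        return 0;
    size_t n = strlen(buf);
    if (n > 0 && buf[n - 1] == '\n') {
        buf[n - 1] = '\0';
        return 1;
    }
    int c, overflowed = 0;              /* drain the rest of the line */
    while ((c = fgetc(in)) != EOF && c != '\n')
        overflowed = 1;
    return overflowed ? -1 : 1;
}

/* Outcome of reading the login name from constructed input. */
int login_result(const char *input)
{
    char admin[ADMIN_LEN];
    FILE *in = fmemopen((void *)input, strlen(input), "r");
    if (in == NULL) return 0;
    int rc = read_field(in, admin, sizeof admin);
    fclose(in);
    return rc;
}

/* Read the name, then the next command from the same stream, as the service's
 * prompts do; returns 1 only if the command read equals expected. */
int command_after_login(const char *input, const char *expected)
{
    char admin[ADMIN_LEN], cmd[64];
    FILE *in = fmemopen((void *)input, strlen(input), "r");
    if (in == NULL) return 0;
    read_field(in, admin, sizeof admin);
    int got = read_field(in, cmd, sizeof cmd);
    fclose(in);
    return got == 1 && strcmp(cmd, expected) == 0;
}
```

A name of 15 characters or fewer is accepted; anything longer is reported as overlong and the remainder of that line is discarded, so it never reaches the command parser as a follow-on line.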

Results:

  1. Vulnerability Identified:
    • Type: Buffer Overflow.
    • Service: waste? on port 1337.
    • Risk: Critical.
    • Description: Input beyond 16 characters overwrites adjacent memory, enabling arbitrary command execution.
  2. Impact:
    • Remote access as user brian was achieved, allowing shell access to the system.
    • Privilege escalation was not possible due to restricted permissions for user brian.
  3. Key Found: KEY009-=l5\x02&5#\x12s7\x04*3\x08˜thh\x0633 zz.

Tool Purpose Overview

nmap:

  • Used to scan all TCP ports and identify the waste? service on port 1337.

netcat:

  • Tool for interacting with the custom service to observe prompts and test inputs.

Source Code Analysis:

  • Reviewed the waste? service’s source code to pinpoint the buffer overflow vulnerability and explain its mechanism.

Fuzz Testing:

  • Manual process of supplying invalid or excessive inputs to uncover vulnerabilities in the service.
