BrainPan — Vulnhub Walkthrough

Before Running Script
After Running Script
Output of Fuzzing.py
pattern_create.rb metasploit-framework payload.
Offset.py
Registers overwritten
Exact match found at 524.
Inserting B’s at EIP.
EIP overwritten with 42424242, the hex value of BBBB
Badchars.py
No bad chars. Nothing replaced by original hex
Mona instead of Moana
!mona modules
I found return address: 0x311712f3
breakpoint.py
breakpoint hit at JMP ESP.
payload.
part 1 overflow.py
part 2 overflow.py
plugnplay running
Compiling Dirty COW for a 32-bit Linux kernel
access to /etc/shadow
