![echo server netcat windows echo server netcat windows](https://www.cyberciti.biz/media/new/cms/2012/12/nc-netcat.png)
Now, we will run the program in debugger, and run the python script on the machine B and we will see the following output on the machine A.Īs can be seen in the above screenshot that the program execution has reached to the RETN instruction where we had created the breakpoint in previous steps. in previous articles, so we are not going to explain it here.)Īs shown in the above screenshot, we have created the breakpoint in the debugger. (We have already explained the basics like what is breakpoint, how do we create breakpoints and what is RETN instruction etc.
![echo server netcat windows echo server netcat windows](https://1.bp.blogspot.com/-NYRqyrp0DkY/UK37P-AfmJI/AAAAAAAAAhU/Ugy6NVUXMmE/s640/netcat.jpg)
It can be seen in the above screenshot that we have replaced B’s with the C’s address, now let’s create a break point on the RETN instruction in the machine A so that we can analyse the things in a better way. After making the above change in the script the python script will look like this. Now, in python script let’s replace B’s with this address. We know that stack works with Last-in-First-Out rule, so we will have to write the address in reverse order. However it is a little tricky to write the memory address in the user input. Now, we will have to replace the B’s with 0022F730 in the python script that we have created in machine B. We can also see the same in the above screenshot. So let’s change the EIP register value with C’s address. We can see the same in the following screenshot.Īs we have already seen in previous articles, that if we change the EIP position in the memory we can actually change the way of the program execution. After that, we can see there are multiple 44444444 values in the stack that are filled by the user input.Top of Stack is holding the value 43434343 which is our C’s.
![echo server netcat windows echo server netcat windows](https://hakin9.org/wp-content/uploads/2020/06/Screen-Shot-2020-06-05-at-10.19.51.png)
EIP is pointing 42424242 which is our B’s.When we closely look into the debugger, we notice the following things. Now, after running the above python script we can see that the server program is again crashed which can be seen in the screenshot given below. We could do the same by pressing CTRL+F2. After making these changes the script will look like the one given below.Īfter saving the script, restart the Echo-Server program which is running with debugger in Machine A. Now, we will append another 4 C’s after the B’s and then some D’s in the python script. As of now, our python script is following. So, for better understanding, let’s do some changes in the python script. We can see in the above screenshot that EIP is overwritten by 42424242 (B’s in Hexadecimal) and Top of the Stack is holding to 43434343(C’s in Hexadecimal). So, let’s run our python script again on machine B and following will be the output on the Machine A. In this article of buffer overflow, we will be developing and working an exploit for the Echo Server program.
#Echo server netcat windows how to
We assume that readers have enough knowledge about how to crash an echo server program and about identifying the return address position by manipulating user input with the help of special scripts. Note: Kindly read the previous articles, as this article is a follow up of the same.