dostackbufferoverflowgood
OSCP-BoF
Our great sponsors
dostackbufferoverflowgood | OSCP-BoF | |
---|---|---|
13 | 2 | |
1,366 | 64 | |
- | - | |
0.0 | 0.0 | |
almost 3 years ago | almost 3 years ago | |
C | Python | |
- | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
dostackbufferoverflowgood
-
Pre-OSCP Knowledge
This one: https://github.com/justinsteven/dostackbufferoverflowgood
-
BOF Learning Resources?
IDK if the type of BOF has changed since I did it, but https://github.com/justinsteven/dostackbufferoverflowgood was VERY helpful to me.
- Need resources for BO and AD study
-
Asking for help
A topic that many start with is buffer overflows so there are a lot of tutorials it. Maybe start there. A resource on learning that topic that I liked is https://github.com/justinsteven/dostackbufferoverflowgood
-
Important PWK Machines
Master buffer overflows so you can get 25 points out the gate, while you're scanning the other boxes (Yeh...that was a pro tip 😁). Justin Stevens will set you right. https://github.com/justinsteven/dostackbufferoverflowgood/blob/master/dostackbufferoverflowgood_tutorial.md
-
BOF in Proving Grounds?
Completing this https://github.com/justinsteven/dostackbufferoverflowgood a few times (the YouTube video is fun and informative to watch too) and a methodical script template that a friend crafted and taught me to use got me over on the BOF. PG and THM didn't exist when I did my last attempt but I would certainly use them if I was taking the exam today. All the best!
-
BOF - Where do I Practice(outside the lab)?
dotackbufferoverflowgood - If you’re interested to get a more in-depth understanding of BoF in order to better apply it in a wider variety of scenarios, do check out https://github.com/justinsteven/dostackbufferoverflowgood. Replicate the PDF step-by-step, you’ll learn a lot from this. It also goes through interesting payloads other than the typical reverse shell we normally use.
- For whatever reason, I am having a lot of trouble grasping buffer overflows. What is your favorite resource/video that spelled it out for you when you learned?
- Linux Buffer Overflow on OSCP exam?
-
Tib3rius Tryhackme for BOF of OSCP?
DoStackBufferOverFlowGood: https://github.com/justinsteven/dostackbufferoverflowgood
OSCP-BoF
-
For whatever reason, I am having a lot of trouble grasping buffer overflows. What is your favorite resource/video that spelled it out for you when you learned?
And then once you get the concepts, https://github.com/3isenHeiM/OSCP-BoF for the practical methodology (I'm the author).
- 1st attempt, 80+ points. My experience and some unpopular opinions inside.
What are some alternatives?
Buffer-Overflow-Exploit-Development-Practice - Good For OSCP Training
SUID3NUM - A standalone python script which utilizes python's built-in modules to enumerate SUID binaries, separate default binaries from custom binaries, cross-match those with bins in GTFO Bin's repository & auto-exploit those, all with colors! ( ͡~ ͜ʖ ͡°)
HackSysExtremeVulnerableDriver - HackSys Extreme Vulnerable Driver (HEVD) - Windows & Linux
zenith - Zenith exploits a memory corruption vulnerability in the NetUSB driver to get remote-code execution on the TP-Link Archer C7 V5 router for Pwn2Own Austin 2021.
PWK-OSCP-Preparation-Roadmap - Roadmap for preparing for OSCP, anyone is free to use this, and also feedback and contributions are welcome
TireFire - Automate the scanning and enumeration of machines externally while maintaining complete control over scans shot to the target. Comfortable GUI-ish platform. Great for OSCP/HTB type Machines as well as penetration testing.
Privilege_Escalation
raptor_infiltrate20 - #INFILTRATE20 raptor's party pack.
GOAD - game of active directory
SUDO_KILLER - A tool designed to exploit a privilege escalation vulnerability in the sudo program on Unix-like systems. It takes advantage of a specific misconfiguration or flaw in sudo to gain elevated privileges on the system, essentially allowing a regular user to execute commands as the root user.
OSCE - Some exploits, which I’ve created during my OSCE preparation.
try-harder - "Try Harder" is a cybersecurity retro game designed to simulate 100 real-world scenarios that will help you prepare for the Offensive Security Certified Professional (OSCP) exam, all while offering an immersive experience and retro aesthetic. Enter Real commands correctly, move to the next host, and get a point. Can you get 100?