DEP (Data Execution Prevention) is a set of hardware, and software, technologies that perform additional checks on memory, to help prevent malicious code from running on a system.
The primary benefit of DEP is to help prevent code execution from data pages, by raising an exception, when execution occurs.
ASLR (Address Space Layout Randomization) randomizes the base addresses of loaded applications, and DLLs, every time the Operating System is booted.
Interacting with the POP3 Protocol
if the protocol under examination was unknown to us, we would either need to look up the RFC of the protocol format, or learn it ourselves, using a tool like Wireshark.
To reproduce the netcat connection usage performed earlier in the course using a Python script, our code would look similar to the following
Taking this simple script and modifying it to fuzz the password field during the login process is easy. The resulting script would look like the following.
Run this script against your SLMail instance, while attached to Immunity Debugger.
The results of running this script shows that the Extended Instruction Pointer (EIP) register has been overwritten with our input buffer of A’s (the hex equivalent of the letter A is \x41).
This is of particular interest to us, as the EIP register also controls the execution flow of the application.
This means that if we craft our exploit buffer carefully, we might be able to divert the execution of the program to a place of our choosing, such as a into the memory where we can introduce some reverse shell code, as part of our buffer.