Yeah sure @Aditya Gupte. So, the "A" characters are just padding. Originally I threw 200 "A" characters at the binary and it crashed, then I calculated the offset at 168. That's where that number came from. Then I sent 168 "A" characters minus the length of the shellcode which provides that padding, add the CALL EAX address to instruct the binary to launch shellcode, and that gets the reverse shell connection initiated from IMF. Check out my Python script, it's pretty intuitive if you're familiar with scripting. github.com/jessekurrus/agentsploit/blob/master/agentsploit.py
@@JesseKurrus Thanks a lot! I checked out your script and I understood it after carefully watching the video again. Great video and please keep up the good work by pwning more boxes.
Amazing videos Jesse. Thank you for sharing your knowledge
Good video! Can you explain the significance of "A" * 168 - len(buf) again?
Yeah sure @Aditya Gupte. So, the "A" characters are just padding. Originally I threw 200 "A" characters at the binary and it crashed, then I calculated the offset at 168. That's where that number came from. Then I sent 168 "A" characters minus the length of the shellcode which provides that padding, add the CALL EAX address to instruct the binary to launch shellcode, and that gets the reverse shell connection initiated from IMF. Check out my Python script, it's pretty intuitive if you're familiar with scripting.
github.com/jessekurrus/agentsploit/blob/master/agentsploit.py
@@JesseKurrus Thanks a lot! I checked out your script and I understood it after carefully watching the video again. Great video and please keep up the good work by pwning more boxes.
Thanks Aditya. I appreciate it.
Rock On!!!