So whole sections continue to be a chaos. So instead of repairing the broken chapters I am just going to start writing a new one, and see if I can make it make more sense this time.
You have an application that you know is vulnerable to a buffer overflow. These are the steps to exploit it:

1. Find the buffer overflow
2. Find the exact offset
3. Identify bad characters
## Find the buffer overflow
First we need to find where it is. We can do that by progressively adding more bytes to the input while the process is attached to a debugger (Immunity, OllyDbg). We keep probing the application with more and more bytes until we reach the limit where the application crashes; that input length tells us roughly where the buffer is overrun.
## Find exact offset
Now we need to know exactly where the offset is, that is, how many bytes of input come before the saved return address. We can do that using some Metasploit tools. We create a fuzzing payload like this:
So now we know the exact offset. This means that we know which bytes of our input end up in EIP. We can now modify our exploit script to place a unique string at that position and confirm in the debugger that EIP contains exactly that value, to make sure everything is working as expected.
## Identify bad characters
Now it is time to start developing our malicious payload. But before we do that we need to know which bad characters the application has (bytes that get dropped, truncate the input, or are changed on the way into the buffer), so we can avoid them. We can do that by sending all characters to the buffer and then checking in the debugger how the application reacts, comparing what landed in memory with what we sent.
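The offset and bad-character steps above, as an added Python example that is not part of the original page: `cyclic_pattern` and `find_offset` reproduce what Metasploit's pattern tools do (non-repeating pattern, then look up the dword observed in EIP), and `first_bad_char` compares the bytes we sent with what we read back from memory in the debugger. The crash value and the "observed" memory contents below are constructed for the demonstration, not taken from a real target.

```python
import struct
from string import ascii_uppercase, ascii_lowercase, digits


def cyclic_pattern(length: int) -> bytes:
    """Non-repeating pattern in the Metasploit style: Aa0Aa1...Aa9Ab0Ab1..."""
    if length > 26 * 26 * 10 * 3:
        raise ValueError("pattern longer than 20280 bytes would start to repeat")
    chunks = [u + lo + d for u in ascii_uppercase
              for lo in ascii_lowercase for d in digits]
    return "".join(chunks).encode()[:length]


def find_offset(pattern: bytes, eip_value: int) -> int:
    """Offset into the pattern of the 4 bytes that landed in EIP.

    x86 is little-endian, so the register value is packed with '<I' before
    searching; the reversed order is tried as a fallback for big-endian dumps.
    """
    needle = struct.pack("<I", eip_value)
    off = pattern.find(needle)
    if off < 0:
        off = pattern.find(needle[::-1])
    if off < 0:
        raise ValueError("EIP value not found in pattern")
    return off


def all_bytes(exclude=(0x00,)) -> bytes:
    """Every byte value except the ones already known to be bad (0x00 by default)."""
    return bytes(b for b in range(256) if b not in exclude)


def first_bad_char(sent: bytes, observed: bytes):
    """First byte of `sent` that is missing or altered in `observed`, or None.

    Only the first mismatch is reliable: a bad byte usually corrupts or
    truncates everything after it, so remove it and repeat the comparison.
    """
    for i, b in enumerate(sent):
        if i >= len(observed) or observed[i] != b:
            return b
    return None


if __name__ == "__main__":
    pattern = cyclic_pattern(500)
    crash_eip = 0x41346141          # constructed: "Aa4A" read from EIP
    print("offset:", find_offset(pattern, crash_eip))
    sent = all_bytes()
    observed = sent[:9] + b"\x00" + sent[10:]   # constructed: 0x0a became 0x00
    print("first bad char:", hex(first_bad_char(sent, observed)))
```

Rerun `first_bad_char` with the newly found byte added to `exclude` until it returns None; the remaining byte set is what the payload may use.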