1- Spiking
Last updated
Spiking: finding the vulnerable part of the program.
Run Vulnserver as administrator:
Run Immunity Debugger as administrator. Go to File, select Attach, and select the vulnserver process.
The status in the bottom right corner shows "Paused".
Click the Run button (or press F9); the status in the bottom right corner changes to "Running".
From the Kali machine, use netcat to connect to vulnserver:
To perform the spike, we use the SPIKE tool "generic_send_tcp".
The spike script sends random, variable-length strings to try to break the "STATS" command of the program.
We send these fuzzed strings to test whether that part of the program is vulnerable. Nothing happens, so STATS does not look vulnerable.
Next, we send fuzzed strings to try to break the "TRUN" command.
Immediately after the strings are sent to TRUN, Immunity Debugger starts blinking. Checking the status, we find "Paused" and an Access violation.
We also notice that vulnserver has crashed.
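As an added example that is not part of the original page or of the SPIKE toolkit, the following Python script mirrors what generic_send_tcp does here: it prefixes a command with a growing filler and reports the first length after which vulnserver stops answering, which is the crash observed above. The host, port 9999 (vulnserver's default), the step size and the leading "." in the filler are assumptions for a lab setup.

```python
"""Minimal TCP spiker for a lab target such as vulnserver (added example)."""
import socket

HOST = "127.0.0.1"   # assumption: vulnserver runs on the local lab machine
PORT = 9999          # vulnserver's default listening port
TIMEOUT = 3.0        # seconds to wait for an answer before calling it a crash


def build_payload(command: str, length: int) -> bytes:
    """Build '<COMMAND> ' + filler, like a SPIKE s_string_variable.

    The leading '.' mirrors the punctuation SPIKE mixes into its strings;
    the rest is the run of 'A's seen in the debugger after the crash.
    """
    return command.encode() + b" " + b"." + b"A" * length + b"\r\n"


def probe(command: str, length: int, host: str = HOST, port: int = PORT) -> bool:
    """Send one payload; True if the service answered, False if it is gone or hung."""
    try:
        with socket.create_connection((host, port), timeout=TIMEOUT) as s:
            s.recv(1024)  # consume the welcome banner vulnserver sends on connect
            s.sendall(build_payload(command, length))
            # A paused (debugger) or dead process never answers: timeout / reset.
            return bool(s.recv(1024))
    except (OSError, socket.timeout):
        return False


def spike(command: str, start: int = 100, step: int = 100, stop: int = 5000,
          probe_fn=probe):
    """Grow the filler until the service stops responding.

    Returns the first filler length that killed it, or None if every probe
    up to `stop` was answered (the command does not look vulnerable).
    """
    for length in range(start, stop + 1, step):
        if not probe_fn(command, length):
            return length
    return None


if __name__ == "__main__":
    for cmd in ("STATS", "TRUN"):
        print(cmd, "crashed at filler length:", spike(cmd))
```

Run it once per command while the debugger is attached; the returned length is the reproducer to attach to the bug report.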
In Immunity Debugger, we see that the buffer was filled with the letter "A" and has in fact overflowed. The overflow has overwritten ESP (Extended Stack Pointer), EBP (Extended Base Pointer), and EIP (Extended Instruction Pointer), i.e. the return address.
EIP is the important one: if we can control EIP, we can point it to malicious code.