Explore Products

Best Sellers

New Releases

Books

Videos

Audiobooks

Learning Hub

Newsletter Hub

Free Learning

You're reading from Hands-On Penetration Testing with Python Enhance your ethical hacking skills to build automated and intelligent systems

Product type Paperback

Published in Jan 2019

Publisher Packt

ISBN-13 9781788990820

Length 502 pages

Edition 1st Edition

Languages

Python

Concepts

Ethical Hacking

Author (1):

Furqan Khan

View More author details

Table of Contents (18) Chapters

Preface

1. Introduction to Python FREE CHAPTER

2. Building Python Scripts

3. Concept Handling

4. Advanced Python Modules

5. Vulnerability Scanner Python - Part 1

6. Vulnerability Scanner Python - Part 2

7. Machine Learning and Cybersecurity

8. Automating Web Application Scanning - Part 1

9. Automated Web Application Scanning - Part 2

10. Building a Custom Crawler

11. Reverse Engineering Linux Applications

12. Reverse Engineering Windows Applications

13. Exploit Development

14. Cyber Threat Intelligence

15. Other Wonders of Python

16. Assessments

17. Other Books You May Enjoy

Leave a review - let other readers know what you think

Exploiting buffer overflows in Windows

There is a known buffer overflow vulnerability in the SLMail 5.5.0 Mail Server software. Let's download the application (from the following URL: https://slmail.software.informer.com/5.5/) and install it in Windows by double-clicking the exe installer. Once installed, run it inside a Windows 7 VM, as shown here:

Let's now attach our running program to an immunity debugger and use a simple Python fuzzer to crash the program, as shown here:

The following screenshot depicts the loaded code once we have clicked on Attach:

Let's use a simple fuzzer written in Python to try to break this code:

Now, let's run the code to see where it breaks the email application and what the buffer values at the time of the crash are:

It can be seen that somewhere between byte number 2700 and 2900 the access violation exception occurs...

The rest of the chapter is locked

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at $19.99/month. Cancel anytime

Authors (1)

Furqan Khan

Furqan Khan is a security researcher who loves to innovate in Python, pentesting, ML, AI, and big data ecosystems. With a gold medal at both M.Tech and B.Tech, he started off as a research scientist at NITK, where he developed a web app scanner for the Ministry of IT (India). He then worked as a security researcher with Paladion Networks and Wipro Dubai exploring pentesting/exploitation space where he developed tools such as vulnerability scanner and a threat intelligence platform. Currently, he is working with Du-Telecom Dubai as a pentesting manager. He has published and co-authored white papers and journals with Springer and Elsevier, and has also presented his research and development work at international conferences, including CoCon.

See other products by Furqan Khan