Offensive Security
Search…
Web Vulnerabilities - OWASP TOP 10
Other Web Vulnerabilities
Brainpan - 1 - Buffer Overflow
Summary:
vulnerable software : Brainpan.exe
system vulnerable : 192.168.1.119:9999
vulnerability explanation : Brainpan's user input is vulnerable to Buffer Overflow .
severity : critical
Enumeration:
Command run:
1
└──╼ $nmap 192.168.1.119 -sV -sC
2
Starting Nmap 7.70SVN ( https://nmap.org ) at 2019-01-30 07:08 GMT
3
Nmap scan report for 192.168.1.119
4
Host is up (0.0021s latency).
5
Not shown: 998 closed ports
6
PORT STATE SERVICE VERSION
7
9999/tcp open abyss?
8
| fingerprint-strings:
9
| NULL:
10
| _| _|
11
| _|_|_| _| _|_| _|_|_| _|_|_| _|_|_| _|_|_| _|_|_|
12
| _|_| _| _| _| _| _| _| _| _| _| _| _|
13
| _|_|_| _| _|_|_| _| _| _| _|_|_| _|_|_| _| _|
14
| [________________________ WELCOME TO BRAINPAN _________________________]
15
|_ ENTER THE PASSWORD
16
10000/tcp open http SimpleHTTPServer 0.6 (Python 2.7.3)
17
|_http-title: Site doesn't have a title (text/html).
18
​
Copied!
Directories discovery:
1
└──╼ $dirb http://192.168.1.119:10000/
2
​
3
-----------------
4
DIRB v2.22
5
By The Dark Raver
6
-----------------
7
​
8
START_TIME: Wed Jan 30 07:06:19 2019
9
URL_BASE: http://192.168.1.119:10000/
10
WORDLIST_FILES: /usr/share/dirb/wordlists/common.txt
11
​
12
-----------------
13
​
14
GENERATED WORDS: 4612
15
​
16
---- Scanning URL: http://192.168.1.119:10000/ ----
17
+ http://192.168.1.119:10000/bin (CODE:301|SIZE:0)
18
+ http://192.168.1.119:10000/index.html (CODE:200|SIZE:215)
Copied!
Url location http://192.168.1.119:10000/bin contains brainpan.exe binary providing a web service running on port 9999:
​
Further tests were conducted on brainpan.exe running on a Windows 10 LTSC machine x32. Here we see that applications user input in prone to Buffer Overflow:
Copy link