Brainpan - 1 - Buffer Overflow - Offensive Security

Search…

Brainpan - 1 - Buffer Overflow

Summary:
     vulnerable software : Brainpan.exe
     system vulnerable : 192.168.1.119:9999
     vulnerability explanation : Brainpan's user input is vulnerable to Buffer Overflow .
     severity : critical
Enumeration:
Command run:
└──╼ $nmap 192.168.1.119 -sV -sC
Starting Nmap 7.70SVN ( https://nmap.org ) at 2019-01-30 07:08 GMT
Nmap scan report for 192.168.1.119
Host is up (0.0021s latency).
Not shown: 998 closed ports
PORT      STATE SERVICE VERSION
9999/tcp  open  abyss?
| fingerprint-strings: 
|   NULL: 
|     _| _| 
|     _|_|_| _| _|_| _|_|_| _|_|_| _|_|_| _|_|_| _|_|_| 
|     _|_| _| _| _| _| _| _| _| _| _| _| _|
|     _|_|_| _| _|_|_| _| _| _| _|_|_| _|_|_| _| _|
|     [________________________ WELCOME TO BRAINPAN _________________________]
|_    ENTER THE PASSWORD
10000/tcp open  http    SimpleHTTPServer 0.6 (Python 2.7.3)
|_http-title: Site doesn't have a title (text/html).
​
Directories discovery:
└──╼ $dirb http://192.168.1.119:10000/
​
-----------------
DIRB v2.22    
By The Dark Raver
-----------------
​
START_TIME: Wed Jan 30 07:06:19 2019
URL_BASE: http://192.168.1.119:10000/
WORDLIST_FILES: /usr/share/dirb/wordlists/common.txt
​
-----------------
​
GENERATED WORDS: 4612                                                          
​
---- Scanning URL: http://192.168.1.119:10000/ ----
+ http://192.168.1.119:10000/bin (CODE:301|SIZE:0)                             
+ http://192.168.1.119:10000/index.html (CODE:200|SIZE:215)
Url location http://192.168.1.119:10000/bin contains brainpan.exe binary providing a web service running on port 9999:
​
Further tests were conducted on brainpan.exe running on a Windows 10 LTSC machine x32. Here we see that applications user input in prone to Buffer Overflow: 

10.10.10.84 - Poison - LFI (Log Poisoning)

Next - Web Vulnerabilities - OWASP TOP 10

SQL Injection

Last modified 3yr ago

Copy link