Windows Stack Based Auto Buffer Overflow Exploiter

Related tags

Security related resourcesautoflow
Overview

Autoflow - Windows Stack Based Auto Buffer Overflow Exploiter

Overflow

Autoflow is a tool that exploits windows stack based buffer overflow automatically.

By reducing human efforts, Autoflow works flawlessly and performs all the steps involved in a buffer overflow attack.

Autoflow works on Interative Command Line Inteface and simplies the whole attack process.

Its Highly Recommended that you should already know the process of manual buffer overflow attack.

Autoflow needs only these inputs to function :

  • IP Address of Target.
  • Port Number Where Vulnarable Application is Active.
  • Vulnarable Command
  • EIP Register Value (Only Asked During EIP Overwrite Phase)
  • Bad Characters
  • Your LHOST and LPORT whew you want to spawn the shell
  • JMP ESP Address

Meanwhile you will only have to provide inputs and the tool will perform all the tasks involved by itself.

The tool will ask you to perform small actions when needed.

Debugger is something that works on client side so the user needs to perform some tasks that are beyond the limits of this tool as of now.

Overall the idea behind building this tool is to perform the stack based buffer overflow attack in a small amount of time and without taking any hassle of manually performing everything.

Requirements

  • Kali Linux OS

  • msfvenom (Included with metasploit)

  • pattern_create.rb (Included with metasploit)

  • pattern_offset.rb (Included with metasploit)

  • netcat

  • python2.7 with socket, time, sys, subprocess, os modules.

  • Immunity Debbuger on client side

How To Install Autoflow ?

git clone https://github.com/etc5had0w/autoflow.git

cd autoflow/

chmod +rwx setup.sh

sudo ./setup.sh

How To Run Autoflow ?

run this command from your console from the autoflow folder :

./autoflow

Note : Make sure you execute Autoflow only from the Autoflow Folder.

Features

Autoflow performs these tasks automatically :

  • Fuzzing

  • Offset Matching

  • EIP Register Overwriting

  • Seding Intended Buffer for Bad Character Detection

  • Generating Payload For Reverse Shell

  • Sending Malicious Buffer to Spawn a Reverse Shell

How to use Autoflow :

Here is a small video tutorial for Autoflow :

AUTOFLOW DEMO

Owner
Himanshu Shukla
Trying to learn new things every day!
Himanshu Shukla
GitHub Repository
AIL LeakFeeder: A Module for AIL Framework that automate the process to feed leaked files automatically to AIL

AIL LeakFeeder: A Module for AIL Framework that automates the process to feed leaked files automatically to AIL, So basically this feeder will help you ingest AIL with your leaked files automatically

ail project 8 May 03, 2022
An easy-to-use wrapper for NTFS-3G on macOS

ezNTFS ezNTFS is an easy-to-use wrapper for NTFS-3G on macOS. ezNTFS can be used as a menu bar app, or via the CLI in the terminal. Installation To us

Matthew Go 34 Dec 01, 2022
(D)arth (S)ide of the (L)og4j (F)orce, the ultimate log4j vulnerabilities assessor

DSLF DSLF stands for (D)arth (S)ide of the (L)og4j (F)orce. It is the ultimate log4j vulnerabilities assessor. It comes with four individual Python3 m

frontal 1 Jan 11, 2022
Fat-Stealer is a stealer that allows you to grab the Discord token from a user and open a backdoor in his machine.

Fat-Stealer is a stealer that allows you to grab the Discord token from a user and open a backdoor in his machine.

Jet Berry's 21 Jan 01, 2023
Security offerings for AWS Control Tower

Caylent Security Catalyst Reference Architecture Examples This repository contains solutions for Caylent's Security Catalyst. The Security Catalyst is

Steven Connolly 1 Oct 22, 2021
Big-Papa Integrates Javascript and python for remote cookie stealing which then can be used for session hijacking

Big-Papa is a remote cookie stealer which can then be used for session hijacking and Bypassing 2 Factor Authentication

77 Jan 03, 2023
Yuyu Scanner is a Web Reconnaissance & Web Analysis Scanner to find assets and information about targets.

Yuyu Scanner Yuyu Scanner is a Web Reconnaissance & Web Analysis Scanner to find assets and information about targets. installation ! run as root

Justakazh 20 Nov 24, 2022
A small POC plugin for launching dumpulator emulation within IDA, passing it addresses from your IDA view using the context menu.

Dumpulator-IDA Currently proof-of-concept This project is a small POC plugin for launching dumpulator emulation within IDA, passing it addresses from

Michael 9 Sep 21, 2022
IDA plugin for quickly copying disassembly as encoded hex bytes

HexCopy IDA plugin for quickly copying disassembly as encoded hex bytes. This whole plugin just saves you two extra clicks... but if you are frequentl

OALabs 46 Oct 30, 2022
GDID (Google Dorks for Information Disclosure)

GDID (Google Dorks for Information Disclosure) Script made for your recon automation in Bug Bounty or Pentest. It will help you to find Information Di

Nischacid 5 Mar 10, 2022
HTTP Protocol Stack Remote Code Execution Vulnerability CVE-2022-21907

CVE-2022-21907 Description POC for CVE-2022-21907: HTTP Protocol Stack Remote Code Execution Vulnerability. create by antx at 2022-01-17. Detail HTTP

赛欧思网络安全研究实验室 365 Nov 30, 2022
vulnerable APIs

vulnerable-apis vulnerable APIs inspired by https://github.com/mattvaldes/vulnerable-api Setup Docker If, Out of the box docker pull kmmanoj/vulnerabl

9 Jun 01, 2022
MSDorkDump is a Google Dork File Finder that queries a specified domain name and variety of file extensions

MSDorkDump is a Google Dork File Finder that queries a specified domain name and variety of file extensions (pdf, doc, docx, etc), and downloads them.

Joe Helle 150 Jan 03, 2023
Automatic SQL injection and database takeover tool

sqlmap sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of

sqlmapproject 25.7k Jan 08, 2023
This is a Crypto asset tracker that I built to aid my personal journey in cryptocurrencies.

Wallet Tracker This is a Crypto asset tracker that I built to aid my personal journey in cryptocurrencies. build docker build -t wallet-tracker . run

2 Mar 21, 2022
spring-cloud-gateway-rce CVE-2022-22947

Spring Cloud Gateway Actuator API SpEL表达式注入命令执行(CVE-2022-22947) 1.installation pip3 install -r requirements.txt 2.Usage $ python3 spring-cloud-gateway

k3rwin 10 Sep 28, 2022
This repository detects a system vulnerable to CVE-2022-21907 and protects against this vulnerability if desired

This repository detects a system vulnerable to CVE-2022-21907 and protects against this vulnerability if desired

26 Dec 26, 2022
Searches filesystem for CVE-2021-44228 and CVE-2021-45046 vulnerable instances of log4j library, including embedded (jar/war/zip) packaged ones.

log4shell_finder Python port of https://github.com/mergebase/log4j-detector log4j-detector is copyright (c) 2021 - MergeBase Software Inc. https://mer

Hynek Petrak 33 Jan 04, 2023
PasswordManager is a command-line program that helps you manage your secret files like passwords

PasswordManager is a command-line program that helps you manage your secret files like passwords. It's very minimalistic and easy to use.

Michael 3 Dec 30, 2021
This is a repository filled with scripts that were made with Python, and designed to exploit computer systems.

PYTHON-EXPLOITATION This is a repository filled with scripts that were made with Python, and designed to exploit computer systems. Networking tcp_clin

Nathan Galindo 1 Oct 30, 2021