README

Introduction to Exploit Development Course

Scenario

• Media RM2MP3 Converter is a small software application specialized in converting audio and video files (RM and RMVB) to MP3 file format using batch actions

  On July 17, 2009 a Buffer Overflow vulnerability was reported for this software via packetstormsecurity.org

• Stack-based buffer overflow in Easy RM to MP3 Converter allows remote attackers to execute arbitrary code via a long filename in a playlist (.m3u) file.

  Prerequisites

  Easily found with a quick Google search.

  • RM2MP3 Converter

  • Immunity Debugger (Optional)

Activity summary:

• Lab 1 - Crash RM2MP3 Converter

• Lab 2 – Sample Code

• Lab 3 – Locating EIP

• Lab 4 – Shellcode?

• Lab 5 – Shellcode testing

• Lab 6 – Locating op codes

• Lab 7 – Writing shellcode

• Lab 8 – Changing encoding to get shellcode

• Lab 9 – Getting a legitimate shell

• Lab 10 - Bad Characters